ANDROID: goldfish: goldfish_pipe: fix locking errors
authorGreg Hackmann <ghackmann@google.com>
Fri, 18 Nov 2016 19:09:02 +0000 (11:09 -0800)
committerAmit Pundir <amit.pundir@linaro.org>
Thu, 1 Dec 2016 09:48:44 +0000 (15:18 +0530)
If the get_user_pages_fast() call in goldfish_pipe_read_write() failed,
it would return while still holding pipe->lock.

goldfish_pipe_read_write() later releases and tries to re-acquire
pipe->lock.  If the re-acquire call failed, goldfish_pipe_read_write()
would try unlock pipe->lock on exit anyway.

This fixes the smatch messages:

drivers/platform/goldfish/goldfish_pipe.c:392 goldfish_pipe_read_write() error: double unlock 'mutex:&pipe->lock'
drivers/platform/goldfish/goldfish_pipe.c:397 goldfish_pipe_read_write() warn: inconsistent returns 'mutex:&pipe->lock'.

Change-Id: Ifd06a76b32027ca451a001704ade0c5440ed69c4
Signed-off-by: Greg Hackmann <ghackmann@google.com>
drivers/platform/goldfish/goldfish_pipe.c

index cf7ce97e7346ed9306187ad36cdee36c695253db..fd1452e283522d0e79943e9fa85db57351a32221 100644 (file)
@@ -273,11 +273,13 @@ static ssize_t goldfish_pipe_read_write(struct file *filp, char __user *buffer,
                if (ret == 0) {
                        DPRINT("%s: error: (requested pages == 0) (wanted %d)\n",
                                        __FUNCTION__, requested_pages);
+                       mutex_unlock(&pipe->lock);
                        return ret;
                }
                if (ret < 0) {
                        DPRINT("%s: (requested pages < 0) %d \n",
                                        __FUNCTION__, requested_pages);
+                       mutex_unlock(&pipe->lock);
                        return ret;
                }
 
@@ -384,10 +386,8 @@ static ssize_t goldfish_pipe_read_write(struct file *filp, char __user *buffer,
                }
 
                /* Try to re-acquire the lock */
-               if (mutex_lock_interruptible(&pipe->lock)) {
-                       ret = -ERESTARTSYS;
-                       break;
-               }
+               if (mutex_lock_interruptible(&pipe->lock))
+                       return -ERESTARTSYS;
        }
        mutex_unlock(&pipe->lock);