Re: some missing spin_unlocks

[David S. Miller]

From: Ted Unangst <tedu@xxxxxxxxxxxx>
Date: Mon, 22 Aug 2005 15:26:47 -0700

> net/rose/rose_route.c rose_route_frame, line 998
> returns without unlocking rose_node_list_lock, rose_neigh_list_lock, or 
> rose_route_list_lock

I fixed this one with the patch below.

> net/rose/rose_timer.c rose_heartbeat_expiry, line 141
> rose_destroy_socket does not unlock sk as far as i can see

This one needs more care.  We can't drop the lock, because
the destroy actions need to be protected by that lock, but
we can't release the lock after rose_destroy_socket() because
the object may not even exist any longer.

The problem there, at the core, is that the timer doesn't
grab a reference to the socket, which would make the solution
to this bug very straight forward.

Someone should work on that :-)

diff-tree 61ef36aa6cf356649863a24a850c2183cb762c61 (from daf53344fadaa8c47c6b0864e7f34efcbb66e391)
Author: David S. Miller <davem@xxxxxxxxxxxxx>
Date:   Tue Aug 23 09:42:38 2005 -0700

    [ROSE]: Fix missing unlocks in rose_route_frame()
    
    Noticed by Coverity checker.
    
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -994,8 +994,10 @@ int rose_route_frame(struct sk_buff *skb
 	 *	1. The frame isn't for us,
 	 *	2. It isn't "owned" by any existing route.
 	 */
-	if (frametype != ROSE_CALL_REQUEST)	/* XXX */
-		return 0;
+	if (frametype != ROSE_CALL_REQUEST) {	/* XXX */
+		ret = 0;
+		goto out;
+	}
 
 	len  = (((skb->data[3] >> 4) & 0x0F) + 1) / 2;
 	len += (((skb->data[3] >> 0) & 0x0F) + 1) / 2;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/