[PATCH] messages: i2o: fix deadlock in compat_ioctl(I2OGETIOPS)

From: Alexey Khoroshilov
Date: Fri Jan 31 2014 - 17:30:17 EST

Next message: Al Viro: "Re: [PATCH] Fix mountpoint reference leakage in linkat"
Previous message: Florian Fainelli: "Re: [PATCH 2/2] of_mdio: Allow the DT to specify the phy ID and avoid autoprobing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

i2o_cfg_compat_ioctl(I2OGETIOPS) locks i2o_cfg_mutex and then calls
i2o_cfg_ioctl(I2OGETIOPS) that locks i2o_cfg_mutex as well.
A deadlock is guaranteed.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>
---
drivers/message/i2o/i2o_config.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/message/i2o/i2o_config.c b/drivers/message/i2o/i2o_config.c
index a60c188c2bd9..04bd3b6de401 100644
--- a/drivers/message/i2o/i2o_config.c
+++ b/drivers/message/i2o/i2o_config.c
@@ -754,19 +754,19 @@ static long i2o_cfg_compat_ioctl(struct file *file, unsigned cmd,
unsigned long arg)
{
int ret;
- mutex_lock(&i2o_cfg_mutex);
switch (cmd) {
case I2OGETIOPS:
ret = i2o_cfg_ioctl(file, cmd, arg);
break;
case I2OPASSTHRU32:
+ mutex_lock(&i2o_cfg_mutex);
ret = i2o_cfg_passthru32(file, cmd, arg);
+ mutex_unlock(&i2o_cfg_mutex);
break;
default:
ret = -ENOIOCTLCMD;
break;
}
- mutex_unlock(&i2o_cfg_mutex);
return ret;
}

--
1.8.3.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Al Viro: "Re: [PATCH] Fix mountpoint reference leakage in linkat"
Previous message: Florian Fainelli: "Re: [PATCH 2/2] of_mdio: Allow the DT to specify the phy ID and avoid autoprobing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]