Commit 4ccb93ce authored by Dave Jones's avatar Dave Jones Committed by David S. Miller

x25: Fix broken locking in ioctl error paths.

Two of the x25 ioctl cases have error paths that break out of the function without
unlocking the socket, leading to this warning:

================================================
[ BUG: lock held when returning to user space! ]
3.10.0-rc7+ #36 Not tainted
------------------------------------------------
trinity-child2/31407 is leaving the kernel with locks still held!
1 lock held by trinity-child2/31407:
 #0:  (sk_lock-AF_X25){+.+.+.}, at: [<ffffffffa024b6da>] x25_ioctl+0x8a/0x740 [x25]
Signed-off-by: default avatarDave Jones <davej@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent aec0a40a
......@@ -1583,11 +1583,11 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
case SIOCX25CALLACCPTAPPRV: {
rc = -EINVAL;
lock_sock(sk);
if (sk->sk_state != TCP_CLOSE)
break;
if (sk->sk_state == TCP_CLOSE) {
clear_bit(X25_ACCPT_APPRV_FLAG, &x25->flags);
release_sock(sk);
rc = 0;
}
release_sock(sk);
break;
}
......@@ -1595,14 +1595,15 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
rc = -EINVAL;
lock_sock(sk);
if (sk->sk_state != TCP_ESTABLISHED)
break;
goto out_sendcallaccpt_release;
/* must call accptapprv above */
if (test_bit(X25_ACCPT_APPRV_FLAG, &x25->flags))
break;
goto out_sendcallaccpt_release;
x25_write_internal(sk, X25_CALL_ACCEPTED);
x25->state = X25_STATE_3;
release_sock(sk);
rc = 0;
out_sendcallaccpt_release:
release_sock(sk);
break;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment