From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Arend van Spriel" <arend@broadcom.com>
Subject: Re: [PATCH 3/5] drivers/hid/hid-roccat.c: eliminate a null
 pointer dereference
Date: Mon, 31 Oct 2011 10:22:53 +0100
Message-ID: <4EAE68ED.9070406@broadcom.com>
References: <1319846297-2985-3-git-send-email-julia@diku.dk>
 <20111029062412.GG14881@longonot.mountain>
 <4EABC937.60600@broadcom.com>
 <CANq1E4QJoM+NYub9hfs3KnL1w212FK0MHo8ez2p1nyGmNVb-=A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain;
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Return-path: <linux-input-owner@vger.kernel.org>
Received: from mms2.broadcom.com ([216.31.210.18]:4523 "EHLO mms2.broadcom.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S932260Ab1JaJXI (ORCPT <rfc822;linux-input@vger.kernel.org>);
	Mon, 31 Oct 2011 05:23:08 -0400
In-Reply-To: <CANq1E4QJoM+NYub9hfs3KnL1w212FK0MHo8ez2p1nyGmNVb-=A@mail.gmail.com>
Sender: linux-input-owner@vger.kernel.org
List-Id: linux-input@vger.kernel.org
To: David Herrmann <dh.herrmann@googlemail.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>, Julia Lawall <julia@diku.dk>, Jiri Kosina <jkosina@suse.cz>, "kernel-janitors@vger.kernel.org" <kernel-janitors@vger.kernel.org>, "linux-input@vger.kernel.org" <linux-input@vger.kernel.org>, "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>

On 10/29/2011 12:53 PM, David Herrmann wrote:
> On Sat, Oct 29, 2011 at 11:36 AM, Arend van Spriel <arend@broadcom.com> wrote:
>> On 10/29/2011 08:24 AM, Dan Carpenter wrote:
>>> On Sat, Oct 29, 2011 at 01:58:15AM +0200, Julia Lawall wrote:
>>>> diff --git a/drivers/hid/hid-roccat.c b/drivers/hid/hid-roccat.c
>>>> index 2596321..36a28b8 100644
>>>> --- a/drivers/hid/hid-roccat.c
>>>> +++ b/drivers/hid/hid-roccat.c
>>>> @@ -163,14 +163,15 @@ static int roccat_open(struct inode *inode, struct file *file)
>>>>
>>>>      device = devices[minor];
>>>>
>>>> -    mutex_lock(&device->readers_lock);
>>>> -
>>>>      if (!device) {
>>>>              pr_emerg("roccat device with minor %d doesn't exist\n", minor);
>>>> -            error = -ENODEV;
>>>> -            goto exit_err;
>>>> +            kfree(reader);
>>>> +            mutex_lock(&devices_lock);
>>>
>>> Typo.  mutex_unlock() instead of mutex_lock().
>>
>> This is no typo, but simply wrong. Remove the mutex_lock() as we are
>> leaving the function here in error flow.
> 
> No, this one is definitely needed. Its devices_lock, not
> device->readers_lock! And devices_lock is locked before so we need to
> unlock it if we return in this branch.

You are right. I missed that. As usual Dan's eye is sharper ;-)

Gr. AvS