The 'blktrans_open()' does not handle possible '__get_mtd_device()' failures
because it does not check the error code. Moreover, the 'dev->tr->open()'
failures are not handled correctly because in this case the function just
goes ahead and gets the mtd device, then returns an error. But Instead, it
should _not_ try to get the mtd device, then it should put back the module
and the kref.
This patch fixes the issue. Note, I only compile-tested it. This patch was
inspired by a bug report about a similar issue in 2.6.34 kernels
sent by Mike Turner <admin@islandsoftware.co.uk> to the MTD mailing list:
http://lists.infradead.org/pipermail/linux-mtd/2011-April/034980.html
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
kref_get(&dev->ref);
__module_get(dev->tr->owner);
- if (dev->mtd) {
- ret = dev->tr->open ? dev->tr->open(dev) : 0;
- __get_mtd_device(dev->mtd);
+ if (!dev->mtd)
+ goto unlock;
+
+ if (dev->tr->open) {
+ ret = dev->tr->open(dev);
+ if (ret)
+ goto error_put;
}
+ ret = __get_mtd_device(dev->mtd);
+ if (ret)
+ goto error_release;
+
unlock:
mutex_unlock(&dev->lock);
blktrans_dev_put(dev);
return ret;
+
+error_release:
+ if (dev->tr->release)
+ dev->tr->release(dev);
+error_put:
+ module_put(dev->tr->owner);
+ kref_put(&dev->ref, blktrans_dev_release);
+ mutex_unlock(&dev->lock);
+ blktrans_dev_put(dev);
+ return ret;
}
static int blktrans_release(struct gendisk *disk, fmode_t mode)
projects / users / willy / pagecache.git / commitdiff