| User: | Jiri Slaby |
| Error type: | Double Unlock |
| Error type description: | Some lock is unlocked twice unintentionally in a sequence |
| File location: | fs/inotify_user.c |
| Line in file: | 516 |
| Project: | Linux Kernel |
| Project version: | 2.6.28 |
| Tools: |
Stanse
(1.2)
Smatch (1.59) |
| Entered: | 2011-11-07 22:20:57 UTC |
486 break; 487 } 488 remove_kevent(dev, kevent); 489 490 /* 491 * Must perform the copy_to_user outside the mutex in order 492 * to avoid a lock order reversal with mmap_sem. 493 */ 494 mutex_unlock(&dev->ev_mutex); 495 496 if (copy_to_user(buf, &kevent->event, event_size)) { 497 ret = -EFAULT; 498 break; 499 } 500 buf += event_size; 501 count -= event_size; 502 503 if (kevent->name) { 504 if (copy_to_user(buf, kevent->name, kevent->event.len)){ 505 ret = -EFAULT; 506 break; 507 } 508 buf += kevent->event.len; 509 count -= kevent->event.len; 510 } 511 512 free_kevent(kevent); 513 514 mutex_lock(&dev->ev_mutex); 515 } 516 mutex_unlock(&dev->ev_mutex); 517 518 return ret; 519} 520 521static int inotify_fasync(int fd, struct file *file, int on) 522{ 523 struct inotify_device *dev = file->private_data; 524 525 return fasync_helper(fd, file, on, &dev->fa) >= 0 ? 0 : -EIO; 526}