[PATCH 3/3] Staging: bcm: Fix semaphore locking error when downloading firmware.

Kevin McKinney klmckinney1 at gmail.com
Wed Nov 23 01:25:57 UTC 2011 

This patch releases semaphore locks when
an error occurrs while attempting to
download firmware for the bcm driver.
When downloading firmware for this driver,
a process is expected to call
the following ioctl's in this order:
(1)IOCTL_BCM_BUFFER_DOWNLOAD_START,
(2)IOCTL_BCM_BUFFER_DOWNLOAD, and (3)
IOCTL_BCM_BUFFER_DOWNLOAD_STOP.
Semaphore, “Adapter->fw_download_sema” is
expected to be acquired in the first ioctl,
IOCTL_BCM_BUFFER_DOWNLOAD_START, and it should
block until IOCTL_BCM_BUFFER_DOWNLOAD_STOP
is called.  In this case, if an error
occurred before STOP finished, the semaphore
"Adapter->fw_download_sema" was not being released.

Signed-off-by: Kevin McKinney <klmckinney1 at gmail.com>
---
 drivers/staging/bcm/Bcmchar.c |   17 +++++++++++++----
 1 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c
index 36a0f29..774a6b6 100644
--- a/drivers/staging/bcm/Bcmchar.c
+++ b/drivers/staging/bcm/Bcmchar.c
@@ -779,27 +779,36 @@ cntrlEnd:
 		}
 
 		/* Copy Ioctl Buffer structure */
-		if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+		if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER))) {
+			up(&Adapter->fw_download_sema);
 			return -EFAULT;
+		}
 
 		BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0,
 				"Length for FW DLD is : %lx\n", IoBuffer.InputLength);
 
-		if (IoBuffer.InputLength > sizeof(FIRMWARE_INFO))
+		if (IoBuffer.InputLength > sizeof(FIRMWARE_INFO)) {
+			up(&Adapter->fw_download_sema);
 			return -EINVAL;
+		}
 
 		psFwInfo = kmalloc(sizeof(*psFwInfo), GFP_KERNEL);
-		if (!psFwInfo)
+		if (!psFwInfo) {
+			up(&Adapter->fw_download_sema);
 			return -ENOMEM;
+		}
 
-		if (copy_from_user(psFwInfo, IoBuffer.InputBuffer, IoBuffer.InputLength))
+		if (copy_from_user(psFwInfo, IoBuffer.InputBuffer, IoBuffer.InputLength)) {
+			up(&Adapter->fw_download_sema);
 			return -EFAULT;
+		}
 
 		if (!psFwInfo->pvMappedFirmwareAddress ||
 			(psFwInfo->u32FirmwareLength == 0)) {
 
 			BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Something else is wrong %lu\n",
 					psFwInfo->u32FirmwareLength);
+			up(&Adapter->fw_download_sema);
 			Status = -EINVAL;
 			break;
 		}
-- 
1.7.4.1

More information about the devel mailing list