On Tue, Mar 07, 2017 at 05:47:44PM +0100, Sebastian Andrzej Siewior wrote:
> On 2017-03-07 14:22:14 [+0100], Thomas Gleixner wrote:
> > Both 'return' statements leak &pi_state->pi_mutex.wait_lock ....
> 
> this has unlock in both 'return's.

>  handle_fault:
> +     raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
>       spin_unlock(q->lock_ptr);
>  
>       ret = fault_in_user_writeable(uaddr);
>  
>       spin_lock(q->lock_ptr);
> +     raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
>  
>       /*
>        * Check if someone else fixed it for us:
>        */
> -     if (pi_state->owner != oldowner)
> +     if (pi_state->owner != oldowner) {
> +             raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
>               return 0;
> +     }
>  
> -     if (ret)
> +     if (ret) {
> +             raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
>               return ret;
> +     }
>  
>       goto retry;
>  }
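Review bot: the two early returns after the locks are re-taken in handle_fault each carry their own raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock), so every exit path added later has to remember the unlock separately, which is how the leak pointed out above came about. Consider a single unlock-and-return label instead: the owner-changed branch would need to set ret = 0 before jumping, since ret may still hold the error from fault_in_user_writeable() at that point. A short comment at the top of handle_fault saying that wait_lock is dropped across fault_in_user_writeable(uaddr) and re-taken after q->lock_ptr would also document the ordering the hunk relies on.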

I had locally already fixed it with a common:

out_unlock:
  raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
  return ret;

