From: Jing Xiangfeng <jingxiangf...@huawei.com>
[ Upstream commit ab5b769a23af12a675b9f3d7dd529250c527f5ac ]
gasket_interrupt_set_eventfd() misses to call eventfd_ctx_put() in an
error path. We check interrupt is valid before calling
eventfd_ctx_fdget() to fix it.
There is the same issue in gasket_interrupt_clear_eventfd(), Add the
missed function call to fix it.
Fixes: 9a69f5087ccc ("drivers/staging: Gasket driver framework + Apex driver")
Signed-off-by: Jing Xiangfeng <jingxiangf...@huawei.com>
Link: https://lore.kernel.org/r/20201112064924.99680-1-jingxiangf...@huawei.com
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
drivers/staging/gasket/gasket_interrupt.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/staging/gasket/gasket_interrupt.c
b/drivers/staging/gasket/gasket_interrupt.c
index 1cfbc120f2284..225460c535d61 100644
--- a/drivers/staging/gasket/gasket_interrupt.c
+++ b/drivers/staging/gasket/gasket_interrupt.c
@@ -527,14 +527,16 @@ int gasket_interrupt_system_status(struct gasket_dev
*gasket_dev)
int gasket_interrupt_set_eventfd(struct gasket_interrupt_data *interrupt_data,
int interrupt, int event_fd)
{
- struct eventfd_ctx *ctx = eventfd_ctx_fdget(event_fd);
-
- if (IS_ERR(ctx))
- return PTR_ERR(ctx);
+ struct eventfd_ctx *ctx;
if (interrupt < 0 || interrupt >= interrupt_data->num_interrupts)
return -EINVAL;
+ ctx = eventfd_ctx_fdget(event_fd);
+
+ if (IS_ERR(ctx))
+ return PTR_ERR(ctx);
+
interrupt_data->eventfd_ctxs[interrupt] = ctx;
return 0;
}
@@ -545,6 +547,9 @@ int gasket_interrupt_clear_eventfd(struct
gasket_interrupt_data *interrupt_data,
if (interrupt < 0 || interrupt >= interrupt_data->num_interrupts)
return -EINVAL;
- interrupt_data->eventfd_ctxs[interrupt] = NULL;
+ if (interrupt_data->eventfd_ctxs[interrupt]) {
+ eventfd_ctx_put(interrupt_data->eventfd_ctxs[interrupt]);
+ interrupt_data->eventfd_ctxs[interrupt] = NULL;
+ }
return 0;
}
--
2.27.0
