Re: double unlock in rng_dev_read()

From: Herbert Xu
Date: Wed Dec 23 2009 - 10:24:16 EST

On Wed, Dec 23, 2009 at 04:53:36PM +0200, Dan Carpenter wrote:
> No no. I mean when size hits zero we are rng_mutex is unlocked.

Good catch! I'll add this patch to the tree. Please take a look
at it. Thanks!

commit f5908267b67917b8cbd98b27fd2be9b5f62ec76f
Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Wed Dec 23 23:22:34 2009 +0800

hwrng: core - Fix double unlock in rng_dev_read

When the loop terminates with size == 0 in rng_dev_read we will
unlock the rng mutex twice.

Reported-by: Dan Carpenter <error27@xxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
index e989f67..3d9c61e 100644
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -158,10 +158,11 @@ static ssize_t rng_dev_read(struct file *filp, char __user *buf,
goto out;
- mutex_unlock(&rng_mutex);
return ret ? : err;
+ mutex_unlock(&rng_mutex);
+ goto out;

Visit Openswan at
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page:
PGP Key:
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at