From 5f72f6464b9dad2c2cb26af7a2fd5d51acbbdf5b Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Thu, 9 Sep 2010 09:07:30 +0200
Subject: Errorneous semaphore handling in error path fixed

---
 kernel/ChangeLog |  4 ++++
 kernel/ip_set.c  | 10 ++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/kernel/ChangeLog b/kernel/ChangeLog
index dd1db22..d7b7f86 100644
--- a/kernel/ChangeLog
+++ b/kernel/ChangeLog
@@ -1,3 +1,7 @@
+4.4
+  - Errorneous semaphore handling in error path fixed
+    (reported by Jan Engelhardt, bugzilla id 668)
+
 4.3
   - Kernel 2.6.35 support added
 
diff --git a/kernel/ip_set.c b/kernel/ip_set.c
index 0ce9d3f..7ecdc83 100644
--- a/kernel/ip_set.c
+++ b/kernel/ip_set.c
@@ -929,11 +929,11 @@ ip_set_sockfn_set(struct sock *sk, int optval, void *user, unsigned int len)
 	}
 	if (copy_from_user(data, user, len) != 0) {
 		res = -EFAULT;
-		goto done;
+		goto cleanup;
 	}
 	if (down_interruptible(&ip_set_app_mutex)) {
 		res = -EINTR;
-		goto done;
+		goto cleanup;
 	}
 
 	op = (unsigned *)data;
@@ -1109,6 +1109,7 @@ ip_set_sockfn_set(struct sock *sk, int optval, void *user, unsigned int len)
 
     done:
 	up(&ip_set_app_mutex);
+    cleanup:
 	vfree(data);
 	if (res > 0)
 		res = 0;
@@ -1142,11 +1143,11 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len)
 	}
 	if (copy_from_user(data, user, *len) != 0) {
 		res = -EFAULT;
-		goto done;
+		goto cleanup;
 	}
 	if (down_interruptible(&ip_set_app_mutex)) {
 		res = -EINTR;
-		goto done;
+		goto cleanup;
 	}
 
 	op = (unsigned *) data;
@@ -1439,6 +1440,7 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len)
     	
     done:
 	up(&ip_set_app_mutex);
+    cleanup:
 	vfree(data);
 	if (res > 0)
 		res = 0;
-- 
cgit v1.2.3