From: Eli Billauer <eli.billauer@gmail.com>
Date: Thu, 17 Nov 2022 09:18:25 +0200
Subject: char: xillybus: Fix trivial bug with mutex
Git-commit: c002f04c0bc79ec00d4beb75fb631d5bf37419bd
Patch-mainline: v6.2-rc1
References: bsc#1205764 CVE-2022-45888

@unit_mutex protects @unit from being freed, so obviously it should be
released after @unit is used, and not before.

This is a follow-up to commit 282a4b71816b ("char: xillybus: Prevent
use-after-free due to race condition") which ensures, among others, the
protection of @private_data after @unit_mutex has been released.

Reported-by: Hyunwoo Kim <imv4bel@gmail.com>
Signed-off-by: Eli Billauer <eli.billauer@gmail.com>
Link: https://lore.kernel.org/r/20221117071825.3942-1-eli.billauer@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/char/xillybus/xillybus_class.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/drivers/char/xillybus/xillybus_class.c
+++ b/drivers/char/xillybus/xillybus_class.c
@@ -229,14 +229,15 @@ int xillybus_find_inode(struct inode *in
 			break;
 		}
 
-	mutex_unlock(&unit_mutex);
-
-	if (!found)
+	if (!found) {
+		mutex_unlock(&unit_mutex);
 		return -ENODEV;
+	}
 
 	*private_data = unit->private_data;
 	*index = minor - unit->lowest_minor;
 
+	mutex_unlock(&unit_mutex);
 	return 0;
 }
 EXPORT_SYMBOL(xillybus_find_inode);
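Review bot: The function now has two `mutex_unlock(&unit_mutex);` sites, one inside the new `if (!found) {` branch and one just before `return 0;`, so any early return later added between them has to remember to unlock too. A single exit path would keep the lock/unlock pairing in one place: record -ENODEV in a return variable when `!found`, jump to a common label, and unlock once there. Separately, `*private_data = unit->private_data;` hands the caller a pointer that is used after the critical section ends; the commit message says commit 282a4b71816b covers that case, and a short comment at the assignment stating what keeps the pointer valid after the unlock would make the dependency visible in the code itself.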