aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorMike Isely <isely@pobox.com>2008-04-07 02:22:43 -0300
committerMauro Carvalho Chehab <mchehab@infradead.org>2008-04-24 14:09:48 -0300
commit97f26ff6049a7fff5460cebe392ad1d699dc434c (patch)
tree8baf83788707e1488918ba00c7430b6f7b0a9d45 /drivers
parente5be15c63804e05b5a94197524023702a259e308 (diff)
downloadkernel_samsung_smdk4412-97f26ff6049a7fff5460cebe392ad1d699dc434c.tar.gz
kernel_samsung_smdk4412-97f26ff6049a7fff5460cebe392ad1d699dc434c.tar.bz2
kernel_samsung_smdk4412-97f26ff6049a7fff5460cebe392ad1d699dc434c.zip
V4L/DVB (7712): pvrusb2: Close connect/disconnect race
If a disconnect happens before initialization is completed, the pvrusb2 driver can accidentally touch dangling pointers. The whole initialization function must be protected by the big_lock, and once inside that lock, the initialization function should abort if it is discovered that a disconnect has already taken place. Signed-off-by: Mike Isely <isely@pobox.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/media/video/pvrusb2/pvrusb2-hdw.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/drivers/media/video/pvrusb2/pvrusb2-hdw.c b/drivers/media/video/pvrusb2/pvrusb2-hdw.c
index 4f6bb58ca5f..f907a56c587 100644
--- a/drivers/media/video/pvrusb2/pvrusb2-hdw.c
+++ b/drivers/media/video/pvrusb2/pvrusb2-hdw.c
@@ -1854,10 +1854,19 @@ int pvr2_hdw_initialize(struct pvr2_hdw *hdw,
void *callback_data)
{
LOCK_TAKE(hdw->big_lock); do {
+ if (hdw->flag_disconnected) {
+ /* Handle a race here: If we're already
+ disconnected by this point, then give up. If we
+ get past this then we'll remain connected for
+ the duration of initialization since the entire
+ initialization sequence is now protected by the
+ big_lock. */
+ break;
+ }
hdw->state_data = callback_data;
hdw->state_func = callback_func;
+ pvr2_hdw_setup(hdw);
} while (0); LOCK_GIVE(hdw->big_lock);
- pvr2_hdw_setup(hdw);
return hdw->flag_init_ok;
}