review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Brad Love <brad@nextdimension.cc>
	Fri, 5 Jan 2018 00:04:17 +0000 (19:04 -0500)
committer	Mauro Carvalho Chehab <mchehab@s-opensource.com>
	Tue, 6 Mar 2018 09:35:28 +0000 (04:35 -0500)
commit	5b3a8e906973540b61dbf402c6b6f8d64d4ae119
tree	c38f1fa1b4b8faeb3c5ae6d0037459b3cda1ecc1	tree \| snapshot
parent	cc4406d919d25f2d8667a0eebab179dadaaa1cb5	commit \| diff

media: lgdt3306a: Set fe ops.release to NULL if probed

If release is part of frontend ops then it is called in the
course of dvb_frontend_detach. The process also decrements
the module usage count. The problem is if the lgdt3306a
driver is reached via i2c_new_device, then when it is
eventually destroyed remove is called, which further
decrements the module usage count to negative. After this
occurs the driver is in a bad state and no longer works.
Also fixed by NULLing out the release callback is a double
kfree of state, which introduces arbitrary oopses/GPF.
This problem is only currently reachable via the em28xx driver.

On disconnect of Hauppauge SoloHD before:

lsmod | grep lgdt3306a
lgdt3306a              28672  -1
i2c_mux                16384  1 lgdt3306a

On disconnect of Hauppauge SoloHD after:

lsmod | grep lgdt3306a
lgdt3306a              28672  0
i2c_mux                16384  1 lgdt3306a

Signed-off-by: Brad Love <brad@nextdimension.cc>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>