cx8802_blackbird_probe makes a device node for the mpeg sub-device
before it has been added to dev->drvlist. If the device is opened
during that time, the open succeeds but request_acquire cannot be
called, so the reference count remains zero. Later, when the device
is closed, the reference count becomes negative --- uh oh.
Close the race by holding core->lock during probe and not releasing
until the device is in drvlist and initialization finished.
Previously the BKL prevented this race.
Reported-by: Andreas Huber <hobrom@gmx.at>
Tested-by: Andi Huber <hobrom@gmx.at>
Tested-by: Marlon de Boer <marlon@hyves.nl>
Cc: stable@kernel.org
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
blackbird_register_video(dev);
/* initial device configuration: needed ? */
- mutex_lock(&dev->core->lock);
// init_controls(core);
cx88_set_tvnorm(core,core->tvnorm);
cx88_video_mux(core,0);
- mutex_unlock(&dev->core->lock);
return 0;
drv->request_release = cx8802_request_release;
memcpy(driver, drv, sizeof(*driver));
+ mutex_lock(&drv->core->lock);
err = drv->probe(driver);
if (err == 0) {
i++;
- mutex_lock(&drv->core->lock);
list_add_tail(&driver->drvlist, &dev->drvlist);
- mutex_unlock(&drv->core->lock);
} else {
printk(KERN_ERR
"%s/2: cx8802 probe failed, err = %d\n",
dev->core->name, err);
}
-
+ mutex_unlock(&drv->core->lock);
}
return i ? 0 : -ENODEV;
int (*suspend)(struct pci_dev *pci_dev, pm_message_t state);
int (*resume)(struct pci_dev *pci_dev);
- /* MPEG 8802 -> mini driver - Driver probe and configuration */
-
- /* Caller must _not_ hold core->lock */
- int (*probe)(struct cx8802_driver *drv);
-
/* Callers to the following functions must hold core->lock */
+ /* MPEG 8802 -> mini driver - Driver probe and configuration */
+ int (*probe)(struct cx8802_driver *drv);
int (*remove)(struct cx8802_driver *drv);
/* MPEG 8802 -> mini driver - Access for hardware control */
projects / platform / kernel / linux-rpi.git / commitdiff