media: lirc: do not call close() or open() on unregistered devices

If a lirc chardev is held open after a device is unplugged, rc_close()
will be called after rc_unregister_device(). The driver is not expecting
any calls at this point, and the iguanair driver causes an oops in
this scenario.

rc_open() can be called when the device is removed too, by calling open
on the chardev whilst the device is being removed.

Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>

diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c
index 8b1b20e7a3c3156e373ec5fba9bfdb9ac2979df2..ace00e77c96ad0057278de911c911b78a7607961 100644 (file)
--- a/drivers/media/rc/rc-main.c
+++ b/drivers/media/rc/rc-main.c
@@ -863,11 +863,15 @@ int rc_open(struct rc_dev *rdev)
 
        mutex_lock(&rdev->lock);
 
-       if (!rdev->users++ && rdev->open != NULL)
-               rval = rdev->open(rdev);
+       if (!rdev->registered) {
+               rval = -ENODEV;
+       } else {
+               if (!rdev->users++ && rdev->open)
+                       rval = rdev->open(rdev);
 
-       if (rval)
-               rdev->users--;
+               if (rval)
+                       rdev->users--;
+       }
 
        mutex_unlock(&rdev->lock);
 
@@ -886,7 +890,7 @@ void rc_close(struct rc_dev *rdev)
        if (rdev) {
                mutex_lock(&rdev->lock);
 
-               if (!--rdev->users && rdev->close != NULL)
+               if (!--rdev->users && rdev->close && rdev->registered)
                        rdev->close(rdev);
 
                mutex_unlock(&rdev->lock);