Commit 97f26ff6 authored by Mike Isely's avatar Mike Isely Committed by Mauro Carvalho Chehab

V4L/DVB (7712): pvrusb2: Close connect/disconnect race

If a disconnect happens before initialization is completed, the
pvrusb2 driver can accidentally touch dangling pointers.  The whole
initialization function must be protected by the big_lock, and once
inside that lock, the initialization function should abort if it is
discovered that a disconnect has already taken place.
Signed-off-by: default avatarMike Isely <isely@pobox.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@infradead.org>
parent e5be15c6
...@@ -1854,10 +1854,19 @@ int pvr2_hdw_initialize(struct pvr2_hdw *hdw, ...@@ -1854,10 +1854,19 @@ int pvr2_hdw_initialize(struct pvr2_hdw *hdw,
void *callback_data) void *callback_data)
{ {
LOCK_TAKE(hdw->big_lock); do { LOCK_TAKE(hdw->big_lock); do {
if (hdw->flag_disconnected) {
/* Handle a race here: If we're already
disconnected by this point, then give up. If we
get past this then we'll remain connected for
the duration of initialization since the entire
initialization sequence is now protected by the
big_lock. */
break;
}
hdw->state_data = callback_data; hdw->state_data = callback_data;
hdw->state_func = callback_func; hdw->state_func = callback_func;
} while (0); LOCK_GIVE(hdw->big_lock);
pvr2_hdw_setup(hdw); pvr2_hdw_setup(hdw);
} while (0); LOCK_GIVE(hdw->big_lock);
return hdw->flag_init_ok; return hdw->flag_init_ok;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment