Commit 856260a5 authored by Devin Heitmueller's avatar Devin Heitmueller Committed by Mauro Carvalho Chehab

[media] xc5000: fix memory corruption when unplugging device

This patch addresses a regression introduced in the following patch:

commit 5264a522
Author: Shuah Khan <shuahkh@osg.samsung.com>
    [media] media: tuner xc5000 - release firmwware from xc5000_release()

The "priv" struct is actually reference counted, so the xc5000_release()
function gets called multiple times for hybrid devices.  Because
release_firmware() was always being called, it would work fine as expected
on the first call but then the second call would corrupt aribtrary memory.

Set the pointer to NULL after releasing so that we don't call
release_firmware() twice.

This problem was detected in the HVR-950q where plugging/unplugging the
device multiple times would intermittently show panics in completely
unrelated areas of the kernel.
Signed-off-by: default avatarDevin Heitmueller <dheitmueller@kernellabs.com>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@osg.samsung.com>
parent 09bf4a85
...@@ -1336,7 +1336,10 @@ static int xc5000_release(struct dvb_frontend *fe) ...@@ -1336,7 +1336,10 @@ static int xc5000_release(struct dvb_frontend *fe)
if (priv) { if (priv) {
cancel_delayed_work(&priv->timer_sleep); cancel_delayed_work(&priv->timer_sleep);
release_firmware(priv->firmware); if (priv->firmware) {
release_firmware(priv->firmware);
priv->firmware = NULL;
}
hybrid_tuner_release_state(priv); hybrid_tuner_release_state(priv);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment