aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/media
diff options
context:
space:
mode:
authorDevin Heitmueller <dheitmueller@kernellabs.com>2014-09-22 20:30:46 -0400
committerMauro Carvalho Chehab <mchehab@osg.samsung.com>2015-04-08 13:49:59 -0400
commit856260a57cdfa5c121c7b7a6e816409bab07885c (patch)
tree19f9fd92f9f2be2a72a68453ab07e8b069207609 /drivers/media
parent09bf4a858d72a632dd12a61bda1d5272d67b2ce9 (diff)
[media] xc5000: fix memory corruption when unplugging device
This patch addresses a regression introduced in the following patch: commit 5264a522a597032c009f9143686ebf0fa4e244fb Author: Shuah Khan <shuahkh@osg.samsung.com> [media] media: tuner xc5000 - release firmwware from xc5000_release() The "priv" struct is actually reference counted, so the xc5000_release() function gets called multiple times for hybrid devices. Because release_firmware() was always being called, it would work fine as expected on the first call but then the second call would corrupt aribtrary memory. Set the pointer to NULL after releasing so that we don't call release_firmware() twice. This problem was detected in the HVR-950q where plugging/unplugging the device multiple times would intermittently show panics in completely unrelated areas of the kernel. Signed-off-by: Devin Heitmueller <dheitmueller@kernellabs.com> Cc: Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Diffstat (limited to 'drivers/media')
-rw-r--r--drivers/media/tuners/xc5000.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/drivers/media/tuners/xc5000.c b/drivers/media/tuners/xc5000.c
index 2a039de8ab9a..e6e5e90d8d95 100644
--- a/drivers/media/tuners/xc5000.c
+++ b/drivers/media/tuners/xc5000.c
@@ -1336,7 +1336,10 @@ static int xc5000_release(struct dvb_frontend *fe)
1336 1336
1337 if (priv) { 1337 if (priv) {
1338 cancel_delayed_work(&priv->timer_sleep); 1338 cancel_delayed_work(&priv->timer_sleep);
1339 release_firmware(priv->firmware); 1339 if (priv->firmware) {
1340 release_firmware(priv->firmware);
1341 priv->firmware = NULL;
1342 }
1340 hybrid_tuner_release_state(priv); 1343 hybrid_tuner_release_state(priv);
1341 } 1344 }
1342 1345