From df054b4ba9e38717e792e7aa0cfc2be8a68b5529 Mon Sep 17 00:00:00 2001 From: Mike Isely Date: Sun, 6 Apr 2008 21:22:43 -0500 Subject: pvrusb2: Close connect/disconnect race From: Mike Isely If a disconnect happens before initialization is completed, the pvrusb2 driver can accidentally touch dangling pointers. The whole initialization function must be protected by the big_lock, and once inside that lock, the initialization function should abort if it is discovered that a disconnect has already taken place. Signed-off-by: Mike Isely --- linux/drivers/media/video/pvrusb2/pvrusb2-hdw.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'linux/drivers/media') diff --git a/linux/drivers/media/video/pvrusb2/pvrusb2-hdw.c b/linux/drivers/media/video/pvrusb2/pvrusb2-hdw.c index 8efa7add9..c7263e906 100644 --- a/linux/drivers/media/video/pvrusb2/pvrusb2-hdw.c +++ b/linux/drivers/media/video/pvrusb2/pvrusb2-hdw.c @@ -1865,10 +1865,19 @@ int pvr2_hdw_initialize(struct pvr2_hdw *hdw, void *callback_data) { LOCK_TAKE(hdw->big_lock); do { + if (hdw->flag_disconnected) { + /* Handle a race here: If we're already + disconnected by this point, then give up. If we + get past this then we'll remain connected for + the duration of initialization since the entire + initialization sequence is now protected by the + big_lock. */ + break; + } hdw->state_data = callback_data; hdw->state_func = callback_func; + pvr2_hdw_setup(hdw); } while (0); LOCK_GIVE(hdw->big_lock); - pvr2_hdw_setup(hdw); return hdw->flag_init_ok; } -- cgit v1.2.3