* Locking problem between em28xx and em28xx-dvb modules - Part 2
@ 2011-08-16 21:50 Chris Rankin
0 siblings, 0 replies; only message in thread
From: Chris Rankin @ 2011-08-16 21:50 UTC (permalink / raw)
To: linux-media
Hi,
I've been looking deeper into the em28xx and em28xx-dvb modules, and I'm
concerned that there are some races and resource leaks inherent in the current code:
a) Shouldn't em28xx_init_extension() and em28xx_add_into_devlist() be unified
into a single function? Otherwise, consider someone plugging a DVB adapter into
a host when the em28xx-dvb module is not yet loaded:
- em28xx_init_dev() adds new device to list.
- em28xx-dvb module registers itself, and initialises every device in the list
(including our new one).
- em28xx_init_dev() iterates over the list of extensions (including em28xx-dvb)
with the new device.
At this point, dvb_init() has been called twice for our new device, resulting in
a leaked struct em28xx_dvb.
b) When em28xx_init_dev() returns something != 0, em28xx_usb_probe() frees the
struct em28xx and exits without calling usb_put_dev().
c) There are many ways that em28xx_init_dev() can return something != 0, and not
all of them release the V4L2 device or I2C device.
Am I understanding this code correctly, please? I can obviously extend my patch
accordingly - it is currently running without any obvious problems, but I only
have one DVB adapter and none that uses the ALSA extension.
Cheers,
Chris
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2011-08-16 21:50 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-08-16 21:50 Locking problem between em28xx and em28xx-dvb modules - Part 2 Chris Rankin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.