Re: dvb shared datastructure bug?

From: Marcel Siegert
Date: Tue Feb 13 2007 - 08:06:16 EST


On Tuesday 13 February 2007, you wrote:
>
> > attached find a patch that fixes the problem.
>
>
> Hi,
>
> Thank you for the quick response.
> I think there is a small bug in this; at least I don't see where you
> copy over the content of the fops template to the newly allocated piece
> of memory...
>
> Greetings,
> Arjan van de Ven

hi arjan,

also fixed that issue. my fault, sorry.

i updated my repository @ linutv.org accordingly.

i will ask mauro to pull changeset b265e2484422
   dvbdev: fix illegal re-usage of fileoperations struct
from  http://www.linuxtv.org/hg/~mws/v4l-dvb-fixtree

for upstream to kernel., if no more issues appear today.

thanks again.

marcel


diff -r 667e84e2e762 linux/drivers/media/dvb/dvb-core/dvbdev.c
--- a/linux/drivers/media/dvb/dvb-core/dvbdev.c Tue Feb 13 07:00:55 2007 -0200
+++ b/linux/drivers/media/dvb/dvb-core/dvbdev.c Tue Feb 13 13:44:47 2007 +0100
@@ -211,12 +211,14 @@ int dvb_register_device(struct dvb_adapt
const struct dvb_device *template, void *priv, int type)
{
struct dvb_device *dvbdev;
+ struct file_operations *dvbdevfops;
+
int id;

if (mutex_lock_interruptible(&dvbdev_register_lock))
return -ERESTARTSYS;

- if ((id = dvbdev_get_free_id (adap, type)) < 0) {
+ if ((id = dvbdev_get_free_id (adap, type)) < 0){
mutex_unlock(&dvbdev_register_lock);
*pdvbdev = NULL;
printk ("%s: could get find free device id...\n", __FUNCTION__);
@@ -225,7 +227,15 @@ int dvb_register_device(struct dvb_adapt

*pdvbdev = dvbdev = kmalloc(sizeof(struct dvb_device), GFP_KERNEL);

- if (!dvbdev) {
+ if (!dvbdev){
+ mutex_unlock(&dvbdev_register_lock);
+ return -ENOMEM;
+ }
+
+ dvbdevfops = kzalloc(sizeof(struct file_operations), GFP_KERNEL);
+
+ if (!dvbdevfops){
+ kfree (dvbdev);
mutex_unlock(&dvbdev_register_lock);
return -ENOMEM;
}
@@ -235,7 +245,9 @@ int dvb_register_device(struct dvb_adapt
dvbdev->id = id;
dvbdev->adapter = adap;
dvbdev->priv = priv;
-
+ dvbdev->fops = dvbdevfops;
+
+ memcpy(dvbdev->fops, template->fops, sizeof(struct file_operations));
dvbdev->fops->owner = adap->module;

list_add_tail (&dvbdev->list_head, &adap->device_list);
@@ -263,6 +275,7 @@ void dvb_unregister_device(struct dvb_de
dvbdev->type, dvbdev->id)));

list_del (&dvbdev->list_head);
+ kfree (dvbdev->fops);
kfree (dvbdev);
}
EXPORT_SYMBOL(dvb_unregister_device);