On Tue, 3 Feb 2009 23:13:17 +0000
Adam Baker <linux@xxxxxxxxxxxxxxxx> wrote:
> If a device using the gspca framework is unplugged while it is still
> streaming then the call that is used to free the URBs that have been
> allocated occurs after the pointer it uses becomes invalid at the end
> of gspca_disconnect. Make another cleanup call in gspca_disconnect
> while the pointer is still valid (multiple calls are OK as
> destroy_urbs checks for pointers already being NULL.
>
> Signed-off-by: Adam Baker <linux@xxxxxxxxxxxxxxxx>
>
> ---
> diff -r 4d0827823ebc linux/drivers/media/video/gspca/gspca.c
> --- a/linux/drivers/media/video/gspca/gspca.c Tue Feb 03
> 10:42:28 2009 +0100 +++
> b/linux/drivers/media/video/gspca/gspca.c Tue Feb 03 23:07:34
> 2009 +0000 @@ -434,6 +434,7 @@ static void destroy_urbs(struct
> gspca_de if (urb == NULL) break;
>
> + BUG_ON(!gspca_dev->dev);
No: this function is called on close after disconnect. when the pointer
is NULL.
> gspca_dev->urb[i] = NULL;
> if (gspca_dev->present)
> usb_kill_urb(urb);
> @@ -1953,8 +1954,12 @@ void gspca_disconnect(struct usb_interfa
> {
> struct gspca_dev *gspca_dev = usb_get_intfdata(intf);
>
> + mutex_lock(&gspca_dev->usb_lock);
> gspca_dev->present = 0;
> + mutex_unlock(&gspca_dev->usb_lock);
I do not see what is the use of the lock...
> + destroy_urbs(gspca_dev);
> + gspca_dev->dev = NULL;
As I understand, the usb device is freed at disconnection time after
the call to the (struct usb_driver *)->disconnect() function. I did not
know that and I could not find yet how! So, this is OK for me.
> usb_set_intfdata(intf, NULL);
>
> /* release the device */
Now, as the pointer to the usb_driver may be NULL, I have to check if an
(other) oops may occur elsewhere...
Thank you.
--
Ken ar c'hentan | ** Breizh ha Linux atav! **
Jef | http://moinejf.free.fr/
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
