Commit 73d5c5c864f40 made sure that media/usb drivers don't do DMA on stack.
That made pctv452e oops while initialising:
[...]
BUG: unable to handle kernel NULL pointer dereference at (null)
[...]
[ 9.051527] [<ffffffff8179c507>] mutex_lock+0x17/0x30
[ 9.051531] [<ffffffffa062fc75>] pctv452e_power_ctrl+0x85/0x190 [dvb_usb_pctv452e]
[ 9.051536] [<ffffffffa06bb4ef>] dvb_usb_device_power_ctrl+0x3f/0x50 [dvb_usb]
[ 9.051541] [<ffffffffa06bb725>] dvb_usb_device_init+0x225/0x620 [dvb_usb]
[ 9.051546] [<ffffffffa0630251>] pctv452e_usb_probe+0x51/0x60 [dvb_usb_pctv452e]
[ 9.051550] [<ffffffff815dcf69>] usb_probe_interface+0x159/0x2d0
[...]
Commit 7724325a1 fixed most drivers but not all - I guess that only
those using data_mutex for locking got fixes. But some gave the
mutex a different name, in pctv452e it was ca_mutex.
This patches only pctv452e but grep mutex_lock in usb/dvb-usb makes me
believe that more drivers need to be fixed.
Fixes: 73d5c5c8 ("[media] pctv452e: don't do DMA on stack")
Signed-off-by: Wolfgang Rohdewald <wolfgang@xxxxxxxxxxxx>
CC: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx>
---
drivers/media/usb/dvb-usb/pctv452e.c | 31 +++++++++++++++----------------
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/drivers/media/usb/dvb-usb/pctv452e.c b/drivers/media/usb/dvb-usb/pctv452e.c
index 07fa08b..5f9cd32 100644
--- a/drivers/media/usb/dvb-usb/pctv452e.c
+++ b/drivers/media/usb/dvb-usb/pctv452e.c
@@ -92,7 +92,6 @@ static struct stb0899_postproc pctv45e_postproc[] = {
*/
struct pctv452e_state {
struct dvb_ca_en50221 ca;
- struct mutex ca_mutex;
u8 c; /* transaction counter, wraps around... */
u8 initialized; /* set to 1 if 0x15 has been sent */
@@ -114,7 +113,7 @@ static int tt3650_ci_msg(struct dvb_usb_device *d, u8 cmd, u8 *data,
return -EIO;
}
- mutex_lock(&state->ca_mutex);
+ mutex_lock(&d->data_mutex);
id = state->c++;
state->data[0] = SYNC_BYTE_OUT;
@@ -136,14 +135,14 @@ static int tt3650_ci_msg(struct dvb_usb_device *d, u8 cmd, u8 *data,
memcpy(data, state->data + 4, read_len);
- mutex_unlock(&state->ca_mutex);
+ mutex_unlock(&d->data_mutex);
return 0;
failed:
err("CI error %d; %02X %02X %02X -> %*ph.",
ret, SYNC_BYTE_OUT, id, cmd, 3, state->data);
- mutex_unlock(&state->ca_mutex);
+ mutex_unlock(&d->data_mutex);
return ret;
}
@@ -155,9 +154,9 @@ static int tt3650_ci_msg_locked(struct dvb_ca_en50221 *ca,
struct pctv452e_state *state = (struct pctv452e_state *)d->priv;
int ret;
- mutex_lock(&state->ca_mutex);
+ mutex_lock(&d->data_mutex);
ret = tt3650_ci_msg(d, cmd, data, write_len, read_len);
- mutex_unlock(&state->ca_mutex);
+ mutex_unlock(&d->data_mutex);
return ret;
}
@@ -296,7 +295,7 @@ static int tt3650_ci_slot_reset(struct dvb_ca_en50221 *ca, int slot)
buf[0] = 0;
- mutex_lock(&state->ca_mutex);
+ mutex_lock(&d->data_mutex);
ret = tt3650_ci_msg(d, TT3650_CMD_CI_RESET, buf, 1, 1);
if (0 != ret)
@@ -317,7 +316,7 @@ static int tt3650_ci_slot_reset(struct dvb_ca_en50221 *ca, int slot)
ret = tt3650_ci_msg(d, TT3650_CMD_CI_SET_VIDEO_PORT, buf, 1, 1);
failed:
- mutex_unlock(&state->ca_mutex);
+ mutex_unlock(&d->data_mutex);
return ret;
}
@@ -376,7 +375,7 @@ static int tt3650_ci_init(struct dvb_usb_adapter *a)
ci_dbg("%s", __func__);
- mutex_init(&state->ca_mutex);
+ mutex_init(&d->data_mutex);
state->ca.owner = THIS_MODULE;
state->ca.read_attribute_mem = tt3650_ci_read_attribute_mem;
@@ -413,7 +412,7 @@ static int pctv452e_i2c_msg(struct dvb_usb_device *d, u8 addr,
u8 id;
int ret;
- mutex_lock(&state->ca_mutex);
+ mutex_lock(&d->data_mutex);
id = state->c++;
ret = -EINVAL;
@@ -447,7 +446,7 @@ static int pctv452e_i2c_msg(struct dvb_usb_device *d, u8 addr,
goto failed;
memcpy(rcv_buf, state->data + 7, rcv_len);
- mutex_unlock(&state->ca_mutex);
+ mutex_unlock(&d->data_mutex);
return rcv_len;
@@ -456,7 +455,7 @@ static int pctv452e_i2c_msg(struct dvb_usb_device *d, u8 addr,
ret, SYNC_BYTE_OUT, id, addr << 1, snd_len, rcv_len,
7, state->data);
- mutex_unlock(&state->ca_mutex);
+ mutex_unlock(&d->data_mutex);
return ret;
}
@@ -520,7 +519,7 @@ static int pctv452e_power_ctrl(struct dvb_usb_device *d, int i)
if (!rx)
return -ENOMEM;
- mutex_lock(&state->ca_mutex);
+ mutex_lock(&d->data_mutex);
/* hmm where shoud this should go? */
ret = usb_set_interface(d->udev, 0, ISOC_INTERFACE_ALTERNATIVE);
if (ret != 0)
@@ -548,7 +547,7 @@ static int pctv452e_power_ctrl(struct dvb_usb_device *d, int i)
state->initialized = 1;
ret:
- mutex_unlock(&state->ca_mutex);
+ mutex_unlock(&d->data_mutex);
kfree(rx);
return ret;
}
@@ -559,7 +558,7 @@ static int pctv452e_rc_query(struct dvb_usb_device *d)
int ret, i;
u8 id;
- mutex_lock(&state->ca_mutex);
+ mutex_lock(&d->data_mutex);
id = state->c++;
/* prepare command header */
@@ -595,7 +594,7 @@ static int pctv452e_rc_query(struct dvb_usb_device *d)
state->last_rc_key = 0;
}
ret:
- mutex_unlock(&state->ca_mutex);
+ mutex_unlock(&d->data_mutex);
return ret;
}
--
Wolfgang
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
