kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   a99b602ac2b8c237ced40a4769f19ed10f16288a
  2.   patches.suse
  3.   0001-media-rc-oops-in-ir_timer_keyup-after-device-unplug.patch
Blob Blame History Raw 
From 8d4068810d9926250dd2435719a080b889eb44c3 Mon Sep 17 00:00:00 2001
From: Sean Young <sean@mess.org>
Date: Tue, 6 Mar 2018 08:57:57 -0500
Subject: [PATCH] media: rc: oops in ir_timer_keyup after device unplug
Git-commit: 8d4068810d9926250dd2435719a080b889eb44c3
Patch-mainline: v4.17-rc1
References: bsc#1090888

If there is IR in the raw kfifo when ir_raw_event_unregister() is called,
then kthread_stop() causes ir_raw_event_thread to be scheduled, decode
some scancodes and re-arm timer_keyup. The timer_keyup then fires when
the rc device is long gone.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Oliver Neukum <oneukum@suse.com>
---
 drivers/media/rc/rc-main.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/media/rc/rc-main.c
+++ b/drivers/media/rc/rc-main.c
@@ -1853,11 +1853,11 @@ void rc_unregister_device(struct rc_dev
 	if (!dev)
 		return;
 
-	del_timer_sync(&dev->timer_keyup);
-
 	if (dev->driver_type == RC_DRIVER_IR_RAW)
 		ir_raw_event_unregister(dev);
 
+	del_timer_sync(&dev->timer_keyup);
+
 	rc_free_rx_device(dev);
 
 	device_del(&dev->dev);
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.