commit
963761a0b2e85663ee4a5630f72930885a06598a upstream.
A rc device can call ir_raw_event_handle() after rc_allocate_device(),
but before rc_register_device() has completed. This is racey because
rcdev->raw is set before rcdev->raw->thread has a valid value.
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
[bwh: Backported to 3.2: adjust filename, context, indentation]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+ if (!dev->raw || !dev->raw->thread)
return;
spin_lock_irqsave(&dev->raw->lock, flags);
return;
spin_lock_irqsave(&dev->raw->lock, flags);
{
int rc;
struct ir_raw_handler *handler;
{
int rc;
struct ir_raw_handler *handler;
+ struct task_struct *thread;
if (!dev)
return -EINVAL;
if (!dev)
return -EINVAL;
goto out;
spin_lock_init(&dev->raw->lock);
goto out;
spin_lock_init(&dev->raw->lock);
- dev->raw->thread = kthread_run(ir_raw_event_thread, dev->raw,
- "rc%ld", dev->devno);
+ thread = kthread_run(ir_raw_event_thread, dev->raw, "rc%ld",
+ dev->devno);
- if (IS_ERR(dev->raw->thread)) {
- rc = PTR_ERR(dev->raw->thread);
+ if (IS_ERR(thread)) {
+ rc = PTR_ERR(thread);
+ dev->raw->thread = thread;
+
mutex_lock(&ir_raw_handler_lock);
list_add_tail(&dev->raw->list, &ir_raw_client_list);
list_for_each_entry(handler, &ir_raw_handler_list, list)
mutex_lock(&ir_raw_handler_lock);
list_add_tail(&dev->raw->list, &ir_raw_client_list);
list_for_each_entry(handler, &ir_raw_handler_list, list)
git.openpandora.org / pandora-kernel.git / commitdiff