Commit 5d49c101 authored Mar 07, 2008 by Tilman Schmidt Committed by Linus Torvalds Mar 07, 2008

gigaset: fix Oops on module unload regression



The card state mutex was only initialized when a device was connected,
but used during unload unconditionally, leading to an Oops if a driver
was loaded and unloaded again without ever connecting a device.

Fix this by initializing the mutex as soon as the structure is allocated.
Also add a missing mutex unlock revealed in the same execution path.

This fixes a possible Oops in 2.6.25-rc that was introduced by commit
e468c048 ("Gigaset: permit module
unload").

Thanks to Roland Kletzing for reporting this problem.

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Tested-by: Roland Kletzing <devzero@web.de>
Cc: Hansjoerg Lipp <hjlipp@web.de>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 1d6789c3

drivers/isdn/gigaset/common.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -637,7 +637,6 @@ struct cardstate gigaset_initcs(struct gigaset_driver drv, int channels,
		err("maximum number of devices exceeded");
		return NULL;
		}
		mutex_init(&cs->mutex);

		gig_dbg(DEBUG_INIT, "allocating bcs[0..%d]", channels - 1);
		cs->bcs = kmalloc(channels * sizeof(struct bc_state), GFP_KERNEL);
		@@ -898,8 +897,10 @@ int gigaset_shutdown(struct cardstate *cs)
		{
		mutex_lock(&cs->mutex);

		if (!(cs->flags & VALID_MINOR))
		if (!(cs->flags & VALID_MINOR)) {
		mutex_unlock(&cs->mutex);
		return -1;
		}

		cs->waiting = 1;

		@@ -1086,6 +1087,7 @@ struct gigaset_driver *gigaset_initdriver(unsigned minor, unsigned minors,
		drv->cs[i].driver = drv;
		drv->cs[i].ops = drv->ops;
		drv->cs[i].minor_index = i;
		mutex_init(&drv->cs[i].mutex);
		}

		gigaset_if_initdriver(drv, procname, devname);