-
Sishuai Gong authored
There is a race over dev->radio_tx_rds_owner between the two functions mentioned below: Thread-1 Thread-2 vivid_fop_release() vivid_radio_rx_read() mutex_unlock(&dev->mutex) mutex_lock_interruptible(&dev->mutex) ... dev->radio_rx_rds_owner = file->private_data; ... if (file->private_data == dev->radio_rx_rds_owner) { dev->radio_tx_rds_last_block = 0; dev->radio_tx_rds_owner = NULL; } This race can be fixed by only releasing the lock after vivid_fop_release() finishes the checks. Signed-off-by:Sishuai Gong <sishuai.system@gmail.com> Signed-off-by:
Hans Verkuil <hverkuil-cisco@xs4all.nl>
54921a8f
