UIO: hold a reference to the device's owner while the device is open
authorUwe Kleine-König <Uwe.Kleine-Koenig@digi.com>
Fri, 11 Apr 2008 09:07:39 +0000 (11:07 +0200)
committerGreg Kroah-Hartman <gregkh@suse.de>
Sun, 20 Apr 2008 02:10:18 +0000 (19:10 -0700)
Otherwise the device might just disappear while /dev/uioX is being used
which results in an Oops.

Signed-off-by: Uwe Kleine-König <Uwe.Kleine-Koenig@digi.com>
Signed-off-by: Hans J Koch <hjk@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/uio/uio.c

index 11759080ca547058809b516aaacbc8f979ff77d5..55cc7b80422a0617dab71e8adbf34c9d854cc5ac 100644 (file)
@@ -301,23 +301,33 @@ static int uio_open(struct inode *inode, struct file *filep)
        if (!idev)
                return -ENODEV;
 
+       if (!try_module_get(idev->owner))
+               return -ENODEV;
+
        listener = kmalloc(sizeof(*listener), GFP_KERNEL);
-       if (!listener)
-               return -ENOMEM;
+       if (!listener) {
+               ret = -ENOMEM;
+               goto err_alloc_listener;
+       }
 
        listener->dev = idev;
        listener->event_count = atomic_read(&idev->event);
        filep->private_data = listener;
 
        if (idev->info->open) {
-               if (!try_module_get(idev->owner))
-                       return -ENODEV;
                ret = idev->info->open(idev->info, inode);
-               module_put(idev->owner);
+               if (ret)
+                       goto err_infoopen;
        }
 
-       if (ret)
-               kfree(listener);
+       return 0;
+
+err_infoopen:
+
+       kfree(listener);
+err_alloc_listener:
+
+       module_put(idev->owner);
 
        return ret;
 }
@@ -336,12 +346,11 @@ static int uio_release(struct inode *inode, struct file *filep)
        struct uio_listener *listener = filep->private_data;
        struct uio_device *idev = listener->dev;
 
-       if (idev->info->release) {
-               if (!try_module_get(idev->owner))
-                       return -ENODEV;
+       if (idev->info->release)
                ret = idev->info->release(idev->info, inode);
-               module_put(idev->owner);
-       }
+
+       module_put(idev->owner);
+
        if (filep->f_flags & FASYNC)
                ret = uio_fasync(-1, filep, 0);
        kfree(listener);
@@ -510,10 +519,7 @@ static int uio_mmap(struct file *filep, struct vm_area_struct *vma)
                return -EINVAL;
 
        if (idev->info->mmap) {
-               if (!try_module_get(idev->owner))
-                       return -ENODEV;
                ret = idev->info->mmap(idev->info, vma);
-               module_put(idev->owner);
                return ret;
        }