media: cec: forgot to cancel delayed work
authorHans Verkuil <hverkuil@xs4all.nl>
Mon, 15 Oct 2018 10:14:22 +0000 (06:14 -0400)
committerMauro Carvalho Chehab <mchehab+samsung@kernel.org>
Mon, 15 Oct 2018 13:57:52 +0000 (09:57 -0400)
If the wait for completion was interrupted, then make sure to cancel
any delayed work.

This can only happen if a transmit is waiting for a reply, and you press
Ctrl-C or reboot/poweroff or something like that which interrupts the
thread waiting for the reply and then proceeds to delete the CEC message.

Since the delayed work wasn't canceled, once it would trigger it referred
to stale data and resulted in a kernel oops.

Fixes: 7ec2b3b941a6 ("cec: add new tx/rx status bits to detect aborts/timeouts")
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org> # for v4.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
drivers/media/cec/cec-adap.c

index 0c0d9107383ed64049cd2e943b7c37e1bb832632..31d1f4ab915ea7e07f8843d1feb99217409a1af4 100644 (file)
@@ -844,6 +844,8 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg,
         */
        mutex_unlock(&adap->lock);
        wait_for_completion_killable(&data->c);
+       if (!data->completed)
+               cancel_delayed_work_sync(&data->work);
        mutex_lock(&adap->lock);
 
        /* Cancel the transmit if it was interrupted */