From patchwork Mon Aug  6 17:06:48 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [SRU, Oneiric/Precise, Quantal,
 media] Avoid sysfs oops when an rc_dev's raw device is absent
Date: Mon, 06 Aug 2012 07:06:48 -0000
From: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
X-Patchwork-Id: 175401
Message-Id: <1344272808-7953-1-git-send-email-herton.krzesinski@canonical.com>
To: kernel-team@lists.ubuntu.com

From: Douglas Bagnall <douglas@paradise.net.nz>

For some reason, when the lirc daemon learns that a usb remote control
has been unplugged, it wants to read the sysfs attributes of the
disappearing device. This is useful for uncovering transient
inconsistencies, but less so for keeping the system running when such
inconsistencies exist.

Under some circumstances (like every time I unplug my dvb stick from
my laptop), lirc catches an rc_dev whose raw event handler has been
removed (presumably by ir_raw_event_unregister), and proceeds to
interrogate the raw protocols supported by the NULL pointer.

This patch avoids the NULL dereference, and ignores the issue of how
this state of affairs came about in the first place.

Version 2 incorporates changes recommended by Mauro Carvalho Chehab
(-ENODEV instead of -EINVAL, and a signed-off-by).

Signed-off-by: Douglas Bagnall <douglas@paradise.net.nz>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
(cherry picked from commit 720bb6436ff30fccad05cf5bdf961ea5b1f5686d upstream)
BugLink: http://bugs.launchpad.net/bugs/1015836
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>

---
drivers/media/rc/rc-main.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Bug was reported against Precise, but looking at the code Oneiric seems
affected as well. Natty would be affected too, but seems its code have
more problems (for example, it misses commit 08aeb7c "rc: add locking to fix
register/show race"), and I'm not sure it's worth touching Natty at this
stage.

I did a quick verification against one of the oopses on the bug also, the
patch looks good (code patched will address crash matched with symbols from
linux-image-3.2.0-26-generic-dbgsym_3.2.0-26.41_amd64.ddeb). And seems a fix
that is worth for stable upstream too, I'll send it there as well.

diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c
index 6e16b09..cabc19c 100644
--- a/drivers/media/rc/rc-main.c
+++ b/drivers/media/rc/rc-main.c
@@ -775,10 +775,11 @@ static ssize_t show_protocols(struct device *device,
 	if (dev->driver_type == RC_DRIVER_SCANCODE) {
 		enabled = dev->rc_map.rc_type;
 		allowed = dev->allowed_protos;
-	} else {
+	} else if (dev->raw) {
 		enabled = dev->raw->enabled_protocols;
 		allowed = ir_raw_get_allowed_protocols();
-	}
+	} else
+		return -ENODEV;
 
 	IR_dprintk(1, "allowed - 0x%llx, enabled - 0x%llx\n",
 		   (long long)allowed,