On Tuesday 13 February 2007, Arjan van de Ven wrote:
> Hi,
> 
> while working on the last pieces of the file_ops constantification, DVB
> is the small village in France that is holding the Romans at bay... but
> I think I found the final flaw in it now: 
> 
>        *pdvbdev = dvbdev = kmalloc(sizeof(struct dvb_device), GFP_KERNEL);
> 
>         if (!dvbdev) {
>                 mutex_unlock(&dvbdev_register_lock);
>                 return -ENOMEM;
>         }
> 
>         memcpy(dvbdev, template, sizeof(struct dvb_device));
>         dvbdev->type = type;
>         dvbdev->id = id;
>         dvbdev->adapter = adap;
>         dvbdev->priv = priv;
> 
>         dvbdev->fops->owner = adap->module;
> 
> 
> this is the place in DVB that is writing to a struct file_operations.
> But as with almost all such cases in the kernel, this one is buggy:
> While the code nicely copies a template dvbdev, that template only has a
> pointer to a *shared* fops struct, the copy doesn't help that. So this
> code is overwriting the fops owner field for ALL active devices, not
> just the ones the copy of the template is for....
> 
> I'm lost in the maze of this part of DVB (it seems to have some magic
> potion to resist me) but I was hoping some of the local citizens could
> take a look at this buglet...
> 
> Greetings,
>     Arjan van de Ven

hi arjan,
thanks for pointing out this issue.

attached find a patch that fixes the problem.

@mauro - please pull changeset a7ac92d208fe
   dvbdev: fix illegal re-usage of fileoperations struct

from  http://www.linuxtv.org/hg/~mws/v4l-dvb-fixtree

for upstream to kernel. thanks.

best regards 
marcel