dvb-core: guard dmxdev callbacks against stale dispatch
- Some out-of-tree demux drivers can deliver section and TS callbacks after release_filter() / release_ts_feed() has returned, with priv pointers cleared or slots already recycled. dvb-core assumes synchronous teardown and may dereference stale state.
- Add defensive validation in both callback paths: use READ_ONCE() for priv/dev loads, verify state and back-pointers under dev->lock, and drop callbacks that no longer belong to the active slot/feed.
- Also reject NULL src in dvb_dmxdev_buffer_write() to avoid passing it to dvb_ringbuffer_write() from a bad dispatcher.
- This fixes crashes seen on hd51 during CA zap storms, first in section_callback() and then in ts_callback().# Please enter the commit message for your changes. Lines starting
projects / bs-cst-neutrino-hd.git / commit