The coverity checker detected a use-after-free error in
drivers/media/video/cpia2/cpia2_v4l.c::cpia2_close() (coverity
error #1281).
What happens is that we lock cam->busy_lock, then proceed to free
resources, and in the case of (--cam->open_count == 0) we finish off by
doing a kfree(cam) and then at the end of the function we do a
mutex_unlock(&cam->busy_lock) which will explode since it'll dereference
the free'd `cam' :
...
mutex_lock(&cam->busy_lock);
...
if (--cam->open_count == 0) {
    ...
    if (!cam->present) {
        video_unregister_device(dev);
        kfree(cam);
    }
}
mutex_unlock(&cam->busy_lock);   <--- PROBLEM, cam no longer around.
...
Since this only happens in the case of open_count going down to zero I
don't see a problem with just releasing the mutex after unregistering the
device and just before the kfree().  In this case there is nothing around
that we can race against; we are in the release method, open_count is zero,
(!cam->present) and the device has just been unregistered, so letting go of
the mutex at this point looks safe to me.
Patch below to implement that solution.
Acked-by: NRandy Dunlap <rdunlap@xenotime.net>
Signed-off-by: NJesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@infradead.org>

Signed-off-by: NTrent Piepho <xyzzy@speakeasy.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@infradead.org>

Signed-off-by: NAlan Cox <alan@redhat.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@infradead.org>

Typos grab bag of the month.
Eyeballed by jmc@ in OpenBSD.
Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: NOliver Endriss <o.endriss@gmx.de>
Signed-off-by: NMauro Carvalho Chehab <mchehab@infradead.org>

- make 2 needlessly global functions static

- remove cpia2_setup(): the driver already allows setting parameters
  through module_param(), and there's no reason for having two different
  ways for setting the same parameters
Signed-off-by: NAdrian Bunk <bunk@stusta.de>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@infradead.org>

There has been a CPIA2 driver out of kernel for a long time and it has
been pretty clean for some time too. This is an import of the
sourceforge driver which has been stripped of
- 2.4 back compatibility
- 2.4 old style MJPEG ioctls
A couple of functions have been made static and the docs have been
repackaged into Documentation/video4linux.  The rvmalloc/free functions now
match the cpia driver again.  Other than that this is the code as is.
Tested on x86-64 with a QX5 microscope.
Signed-off-by: NAlan Cox <alan@redhat.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@infradead.org>