From: Clemens Ladisch Date: Mon, 14 Jun 2010 09:46:25 +0000 (+0200) Subject: firewire: cdev: fix race in iso context creation X-Git-Tag: firefly_0821_release~9833^2~499^2~8^3~28 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=bdfe273ee54b29498851fc8058516037d284270c;p=firefly-linux-kernel-4.4.55.git firewire: cdev: fix race in iso context creation Protect the client's iso context pointer against a race that can happen when more than one creation call is executed at the same time. Signed-off-by: Clemens Ladisch Signed-off-by: Stefan Richter --- diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c index 4e0478d70d4d..ce8cb6fcbbcd 100644 --- a/drivers/firewire/core-cdev.c +++ b/drivers/firewire/core-cdev.c @@ -864,10 +864,6 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg) struct fw_cdev_create_iso_context *a = &arg->create_iso_context; struct fw_iso_context *context; - /* We only support one context at this time. */ - if (client->iso_context != NULL) - return -EBUSY; - if (a->channel > 63) return -EINVAL; @@ -892,10 +888,17 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg) if (IS_ERR(context)) return PTR_ERR(context); + /* We only support one context at this time. */ + spin_lock_irq(&client->lock); + if (client->iso_context != NULL) { + spin_unlock_irq(&client->lock); + fw_iso_context_destroy(context); + return -EBUSY; + } client->iso_closure = a->closure; client->iso_context = context; + spin_unlock_irq(&client->lock); - /* We only support one context at this time. */ a->handle = 0; return 0;