Commit bdfe273e authored by Clemens Ladisch's avatar Clemens Ladisch Committed by Stefan Richter

firewire: cdev: fix race in iso context creation

Protect the client's iso context pointer against a race that can happen
when more than one creation call is executed at the same time.
Signed-off-by: default avatarClemens Ladisch <clemens@ladisch.de>
Signed-off-by: default avatarStefan Richter <stefanr@s5r6.in-berlin.de>
parent 33e553fe
...@@ -864,10 +864,6 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg) ...@@ -864,10 +864,6 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg)
struct fw_cdev_create_iso_context *a = &arg->create_iso_context; struct fw_cdev_create_iso_context *a = &arg->create_iso_context;
struct fw_iso_context *context; struct fw_iso_context *context;
/* We only support one context at this time. */
if (client->iso_context != NULL)
return -EBUSY;
if (a->channel > 63) if (a->channel > 63)
return -EINVAL; return -EINVAL;
...@@ -892,10 +888,17 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg) ...@@ -892,10 +888,17 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg)
if (IS_ERR(context)) if (IS_ERR(context))
return PTR_ERR(context); return PTR_ERR(context);
/* We only support one context at this time. */
spin_lock_irq(&client->lock);
if (client->iso_context != NULL) {
spin_unlock_irq(&client->lock);
fw_iso_context_destroy(context);
return -EBUSY;
}
client->iso_closure = a->closure; client->iso_closure = a->closure;
client->iso_context = context; client->iso_context = context;
spin_unlock_irq(&client->lock);
/* We only support one context at this time. */
a->handle = 0; a->handle = 0;
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment