From bdfe273ee54b29498851fc8058516037d284270c Mon Sep 17 00:00:00 2001
From: Clemens Ladisch
Date: Mon, 14 Jun 2010 11:46:25 +0200
Subject: [PATCH] firewire: cdev: fix race in iso context creation

Protect the client's iso context pointer against a race that can happen when more than one creation call is executed at the same time.

Signed-off-by: Clemens Ladisch
Signed-off-by: Stefan Richter
---
 drivers/firewire/core-cdev.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index 4e0478d70d4d..ce8cb6fcbbcd 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -864,10 +864,6 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg)
 struct fw_cdev_create_iso_context *a = &arg->create_iso_context;
 struct fw_iso_context *context;

- /* We only support one context at this time. */
- if (client->iso_context != NULL)
- return -EBUSY;
-
 if (a->channel > 63)
 return -EINVAL;

@@ -892,10 +888,17 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg)
 if (IS_ERR(context))
 return PTR_ERR(context);

+ /* We only support one context at this time. */
+ spin_lock_irq(&client->lock);
+ if (client->iso_context != NULL) {
+ spin_unlock_irq(&client->lock);
+ fw_iso_context_destroy(context);
+ return -EBUSY;
+ }
 client->iso_closure = a->closure;
 client->iso_context = context;
+ spin_unlock_irq(&client->lock);

- /* We only support one context at this time. */
 a->handle = 0;

 return 0;
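Review bot: In the second hunk `a->handle = 0;` loses the comment that explained it, and the new locked block does not say what `client->lock` guards or why the check now runs after the context has been created. I would put `/* Check and publish under client->lock so that concurrent callers cannot both install a context. */` above `spin_lock_irq(&client->lock);`, keeping the existing "one context" remark, and restore something like `/* Only one context per client, so its handle is always 0. */` above `a->handle = 0;`. It is also worth a sentence that a caller which loses the check has already had a context created for it, which is then torn down by `fw_iso_context_destroy(context)` after the unlock. The function starts before and ends after the hunk, and whether other readers of `client->iso_context` take the same lock is not visible here.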