firewire: cdev: fix race in iso context creation
Protect the client's iso context pointer against a race that can happen
when more than one creation call is executed at the same time.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index 4e0478d..ce8cb6f 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -864,10 +864,6 @@
struct fw_cdev_create_iso_context *a = &arg->create_iso_context;
struct fw_iso_context *context;
- /* We only support one context at this time. */
- if (client->iso_context != NULL)
- return -EBUSY;
-
if (a->channel > 63)
return -EINVAL;
@@ -892,10 +888,17 @@
if (IS_ERR(context))
return PTR_ERR(context);
+ /* We only support one context at this time. */
+ spin_lock_irq(&client->lock);
+ if (client->iso_context != NULL) {
+ spin_unlock_irq(&client->lock);
+ fw_iso_context_destroy(context);
+ return -EBUSY;
+ }
client->iso_closure = a->closure;
client->iso_context = context;
+ spin_unlock_irq(&client->lock);
- /* We only support one context at this time. */
a->handle = 0;
return 0;
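Review bot: With the one-context check now placed after the creation call, a client that already holds a context gets `-EBUSY` only if the new creation succeeds; if it fails, the `return PTR_ERR(context);` just above the added block wins, and every redundant call allocates and then destroys a context. If callers rely on `-EBUSY`, an early unlocked `if (client->iso_context != NULL) return -EBUSY;` could stay as a fast path, with the locked check remaining the authoritative one. The moved comment should also say why the test is made here, e.g. `/* Only one context per client; checked under client->lock after creation so concurrent callers cannot both install one. */`. Other users of `client->iso_context` are outside this hunk, so whether they read it under `client->lock` cannot be confirmed from here; the function body also starts and ends outside the hunk.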