NFC: Core must test the device polling state inside the device lock
authorEric Lapuyade <eric.lapuyade@intel.com>
Thu, 3 May 2012 14:21:58 +0000 (16:21 +0200)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 9 Jul 2012 20:42:09 +0000 (16:42 -0400)
There can ever be only one call to nfc_targets_found() after polling
has been engaged. This could be from a target discovered event from
the driver, or from an error handler to notify poll will never complete.

Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
net/nfc/core.c

index 32f28326b623f8385d5438494d5ba7078999141e..94ccf07374a52be8961fa014544fe957911f69c7 100644 (file)
@@ -571,13 +571,18 @@ int nfc_targets_found(struct nfc_dev *dev,
 
        pr_debug("dev_name=%s n_targets=%d\n", dev_name(&dev->dev), n_targets);
 
-       dev->polling = false;
-
        for (i = 0; i < n_targets; i++)
                targets[i].idx = dev->target_next_idx++;
 
        device_lock(&dev->dev);
 
+       if (dev->polling == false) {
+               device_unlock(&dev->dev);
+               return 0;
+       }
+
+       dev->polling = false;
+
        dev->targets_generation++;
 
        kfree(dev->targets);