From: Srinivas Pandruvada Date: Mon, 28 Nov 2016 19:23:35 +0000 (-0800) Subject: HID: intel-ish-hid: Fix potential race condition X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=6d290391be9233349345d49f4539a87f8cb31c30;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git HID: intel-ish-hid: Fix potential race condition Although unlikely but it is possible that when a connect or disconnect request is issued to the firmware, before the response comes, user terminates the client session. In this case when the response is arrived there is no matching client instance in the list of currently active clients. In this case, don't issue call to wake up a waiting client. Signed-off-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina --- diff --git a/drivers/hid/intel-ish-hid/ishtp/hbm.c b/drivers/hid/intel-ish-hid/ishtp/hbm.c index 74bffee60774..59460b66e689 100644 --- a/drivers/hid/intel-ish-hid/ishtp/hbm.c +++ b/drivers/hid/intel-ish-hid/ishtp/hbm.c @@ -378,11 +378,10 @@ static void ishtp_hbm_cl_disconnect_res(struct ishtp_device *dev, list_for_each_entry(cl, &dev->cl_list, link) { if (!rs->status && ishtp_hbm_cl_addr_equal(cl, rs)) { cl->state = ISHTP_CL_DISCONNECTED; + wake_up_interruptible(&cl->wait_ctrl_res); break; } } - if (cl) - wake_up_interruptible(&cl->wait_ctrl_res); spin_unlock_irqrestore(&dev->cl_list_lock, flags); } @@ -431,11 +430,10 @@ static void ishtp_hbm_cl_connect_res(struct ishtp_device *dev, cl->state = ISHTP_CL_DISCONNECTED; cl->status = -ENODEV; } + wake_up_interruptible(&cl->wait_ctrl_res); break; } } - if (cl) - wake_up_interruptible(&cl->wait_ctrl_res); spin_unlock_irqrestore(&dev->cl_list_lock, flags); }