firewire: cdev: prevent race between first get_info ioctl and bus reset event queuing

[linux-imx.git] / drivers / firewire / core-cdev.c

diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index 9b5915ebeb35ab80d705e6c449390ad5e7775470..e6ad3bb6c1a6b5efad00df79995f733be9a9c1f7 100644 (file)
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -253,14 +253,11 @@ static int fw_device_op_open(struct inode *inode, struct file *file)
        init_waitqueue_head(&client->wait);
        init_waitqueue_head(&client->tx_flush_wait);
        INIT_LIST_HEAD(&client->phy_receiver_link);
+       INIT_LIST_HEAD(&client->link);
        kref_init(&client->kref);
 
        file->private_data = client;
 
-       mutex_lock(&device->client_list_mutex);
-       list_add_tail(&client->link, &device->client_list);
-       mutex_unlock(&device->client_list_mutex);
-
        return nonseekable_open(inode, file);
 }
 
@@ -451,15 +448,20 @@ static int ioctl_get_info(struct client *client, union ioctl_arg *arg)
        if (ret != 0)
                return -EFAULT;
 
+       mutex_lock(&client->device->client_list_mutex);
+
        client->bus_reset_closure = a->bus_reset_closure;
        if (a->bus_reset != 0) {
                fill_bus_reset_event(&bus_reset, client);
-               if (copy_to_user(u64_to_uptr(a->bus_reset),
-                                &bus_reset, sizeof(bus_reset)))
-                       return -EFAULT;
+               ret = copy_to_user(u64_to_uptr(a->bus_reset),
+                                  &bus_reset, sizeof(bus_reset));
        }
+       if (ret == 0 && list_empty(&client->link))
+               list_add_tail(&client->link, &client->device->client_list);
 
-       return 0;
+       mutex_unlock(&client->device->client_list_mutex);
+
+       return ret ? -EFAULT : 0;
 }
 
 static int add_client_resource(struct client *client,