From 38f04c6b1b682f1879441e2925403ad9aff9e229 Mon Sep 17 00:00:00 2001 From: Ilan Elias Date: Thu, 22 Sep 2011 11:36:19 +0300 Subject: NFC: protect nci_data_exchange transactions Protect 'cb' and 'cb_context' arguments in nci_data_exchange. In fact, this implements a queue with max length of 1 data exchange transactions in parallel. Signed-off-by: Ilan Elias Acked-by: Lauro Ramos Venancio Signed-off-by: John W. Linville --- net/nfc/nci/core.c | 10 +++++++++- net/nfc/nci/data.c | 2 ++ net/nfc/nci/ntf.c | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) (limited to 'net/nfc/nci') diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c index 9f17e8ec0ab..1e6b20f2bc9 100644 --- a/net/nfc/nci/core.c +++ b/net/nfc/nci/core.c @@ -453,6 +453,7 @@ static int nci_data_exchange(struct nfc_dev *nfc_dev, __u32 target_idx, void *cb_context) { struct nci_dev *ndev = nfc_get_drvdata(nfc_dev); + int rc; nfc_dbg("entry, target_idx %d, len %d", target_idx, skb->len); @@ -461,11 +462,18 @@ static int nci_data_exchange(struct nfc_dev *nfc_dev, __u32 target_idx, return -EINVAL; } + if (test_and_set_bit(NCI_DATA_EXCHANGE, &ndev->flags)) + return -EBUSY; + /* store cb and context to be used on receiving data */ ndev->data_exchange_cb = cb; ndev->data_exchange_cb_context = cb_context; - return nci_send_data(ndev, ndev->conn_id, skb); + rc = nci_send_data(ndev, ndev->conn_id, skb); + if (rc) + clear_bit(NCI_DATA_EXCHANGE, &ndev->flags); + + return rc; } static struct nfc_ops nci_nfc_ops = { diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c index 141790ada4a..e5ed90fc1a9 100644 --- a/net/nfc/nci/data.c +++ b/net/nfc/nci/data.c @@ -54,6 +54,8 @@ void nci_data_exchange_complete(struct nci_dev *ndev, /* no waiting callback, free skb */ kfree_skb(skb); } + + clear_bit(NCI_DATA_EXCHANGE, &ndev->flags); } /* ----------------- NCI TX Data ----------------- */ diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c index 8dd75352ab6..96633f5cda4 100644 --- a/net/nfc/nci/ntf.c +++ b/net/nfc/nci/ntf.c @@ -215,7 +215,7 @@ static void nci_rf_deactivate_ntf_packet(struct nci_dev *ndev, } /* complete the data exchange transaction, if exists */ - if (ndev->data_exchange_cb) + if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags)) nci_data_exchange_complete(ndev, NULL, -EIO); } -- cgit v1.2.3-70-g09d2