NFC: pn533: Fix missing lock while operating on commands list

In pn533_wq_cmd command was removed from list without cmd_lock held
(race with pn533_send_cmd_frame_async) which could lead to list
corruption. Delete command from list before releasing lock.

Signed-off-by: Szymon Janc <[email protected]>
Signed-off-by: Samuel Ortiz <[email protected]>

diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c
index 97c440a8cd615798a1e61250628e0030ede37694..328f2b66491e68f0ea571dc0bd3babcf1699c2d0 100644 (file)
--- a/drivers/nfc/pn533.c
+++ b/drivers/nfc/pn533.c
@@ -698,13 +698,14 @@ static void pn533_wq_cmd(struct work_struct *work)
 
        cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
 
+       list_del(&cmd->queue);
+
        mutex_unlock(&dev->cmd_lock);
 
        __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
                                     cmd->in_frame_len, cmd->cmd_complete,
                                     cmd->arg, cmd->flags);
 
-       list_del(&cmd->queue);
        kfree(cmd);
 }