NFC: digital: Clear poll_tech_count before activating target
authorMark A. Greer <mgreer@animalcreek.com>
Wed, 2 Jul 2014 16:03:49 +0000 (09:03 -0700)
committerSamuel Ortiz <sameo@linux.intel.com>
Sun, 20 Jul 2014 22:45:11 +0000 (00:45 +0200)
commit0529a7adf3421acf251355444a012073abaffebc
tree6aee9b69ddc4bb59f559197575eba606f532334f
parent4b4dbca5e49eea2567d0da777fea2c86e7b89622
NFC: digital: Clear poll_tech_count before activating target

Currently, digital_target_found() has a race between
the events started by calling nfc_targets_found()
(which ultimately expect ddev->poll_tech_count to be
zero) and setting ddev->poll_tech_count to zero after
the call to nfc_targets_found().  When the race is
"lost" (i.e., ddev->poll_tech_count is found to not
be zero by the events started by nfc_targets_found()),
an error message is printed and the target is not found.
A similar race exists when digital_tg_recv_atr_req()
calls nfc_tm_activated().

Fix this by first saving the current value of
ddev->poll_tech_count and then clearing it before
calling nfc_targets_found()/nfc_tm_activated().
Clearing ddev->poll_tech_count before calling
nfc_targets_found()/nfc_tm_activated() eliminates
the race.  Saving the value is required so it can be
restored when nfc_targets_found()/nfc_tm_activated()
fails and polling needs to continue.

Acked-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Mark A. Greer <mgreer@animalcreek.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
net/nfc/digital_core.c
net/nfc/digital_dep.c