NFC: NCI: Fix nci_register_device init sequence

All contexts have to be initiliazed before calling nfc_register_device otherwise it is possible to call nci_dev_up before ending the nci_register_device function. In such case kernel will crash on non initialized variables. Signed-off-by: Vincent Cuissard <cuissard@marvell.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
mariux64 · Sep 1, 2014 · 3c1c0f5 · 3c1c0f5
1 parent cfdbeea
commit 3c1c0f5
Showing 1 changed file with 5 additions and 8 deletions.
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
@@ -759,18 +759,14 @@ int nci_register_device(struct nci_dev *ndev)
 	struct device *dev = &ndev->nfc_dev->dev;
 	char name[32];
 
-	rc = nfc_register_device(ndev->nfc_dev);
-	if (rc)
-		goto exit;
-
 	ndev->flags = 0;
 
 	INIT_WORK(&ndev->cmd_work, nci_cmd_work);
 	snprintf(name, sizeof(name), "%s_nci_cmd_wq", dev_name(dev));
 	ndev->cmd_wq = create_singlethread_workqueue(name);
 	if (!ndev->cmd_wq) {
 		rc = -ENOMEM;
-		goto unreg_exit;
+		goto exit;
 	}
 
 	INIT_WORK(&ndev->rx_work, nci_rx_work);
@@ -800,6 +796,10 @@ int nci_register_device(struct nci_dev *ndev)
 
 	mutex_init(&ndev->req_lock);
 
+	rc = nfc_register_device(ndev->nfc_dev);
+	if (rc)
+		goto destroy_rx_wq_exit;
+
 	goto exit;
 
 destroy_rx_wq_exit:
@@ -808,9 +808,6 @@ int nci_register_device(struct nci_dev *ndev)
 destroy_cmd_wq_exit:
 	destroy_workqueue(ndev->cmd_wq);
 
-unreg_exit:
-	nfc_unregister_device(ndev->nfc_dev);
-
 exit:
 	return rc;
 }