From 3c1c0f5dc80bbde5baef2403cc6a0d33c9824d2d Mon Sep 17 00:00:00 2001
From: Vincent Cuissard <cuissard@marvell.com>
Date: Tue, 22 Jul 2014 19:48:39 +0200
Subject: [PATCH] NFC: NCI: Fix nci_register_device init sequence

All contexts have to be initialized before calling
nfc_register_device; otherwise it is possible to call
nci_dev_up before the nci_register_device function
has finished. In that case the kernel will crash on
uninitialized variables.

Signed-off-by: Vincent Cuissard <cuissard@marvell.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
---
 net/nfc/nci/core.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 860080803a3e88..90b16cb4005880 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -759,10 +759,6 @@ int nci_register_device(struct nci_dev *ndev)
 	struct device *dev = &ndev->nfc_dev->dev;
 	char name[32];
 
-	rc = nfc_register_device(ndev->nfc_dev);
-	if (rc)
-		goto exit;
-
 	ndev->flags = 0;
 
 	INIT_WORK(&ndev->cmd_work, nci_cmd_work);
@@ -770,7 +766,7 @@ int nci_register_device(struct nci_dev *ndev)
 	ndev->cmd_wq = create_singlethread_workqueue(name);
 	if (!ndev->cmd_wq) {
 		rc = -ENOMEM;
-		goto unreg_exit;
+		goto exit;
 	}
 
 	INIT_WORK(&ndev->rx_work, nci_rx_work);
@@ -800,6 +796,10 @@ int nci_register_device(struct nci_dev *ndev)
 
 	mutex_init(&ndev->req_lock);
 
+	rc = nfc_register_device(ndev->nfc_dev);
+	if (rc)
+		goto destroy_rx_wq_exit;
+
 	goto exit;
 
 destroy_rx_wq_exit:
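Review bot: The new failure path at `goto destroy_rx_wq_exit;` unwinds only from the rx workqueue downward, so anything set up between the rx work initialisation and `mutex_init(&ndev->req_lock)` would not be released when nfc_register_device() fails. Those lines lie outside the hunk, so this needs confirming rather than being a certain leak. If a further workqueue is created there, the jump should target a label that destroys it first and then falls through to `destroy_rx_wq_exit`. It would also help to record the ordering constraint above the call, e.g. `/* Register last: once visible, nci_dev_up() may run and use the state initialised above. */`. The function body starts before this hunk and the cleanup labels continue past it.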
@@ -808,9 +808,6 @@ destroy_rx_wq_exit:
 destroy_cmd_wq_exit:
 	destroy_workqueue(ndev->cmd_wq);
 
-unreg_exit:
-	nfc_unregister_device(ndev->nfc_dev);
-
 exit:
 	return rc;
 }
-- 
GitLab