USB HID: hiddev - fix race between hiddev_send_event() and hiddev_release()

	wait_queue_head_t wait;

	struct hid_device *hid;

	struct list_head list;

	spinlock_t list_lock;

};

struct hiddev_list {

{

	struct hiddev *hiddev = hid->hiddev;

	struct hiddev_list *list;

	unsigned long flags;

	spin_lock_irqsave(&hiddev->list_lock, flags);

	list_for_each_entry(list, &hiddev->list, node) {

		if (uref->field_index != HID_FIELD_INDEX_NONE ||

		    (list->flags & HIDDEV_FLAG_REPORT) != 0) {

			kill_fasync(&list->fasync, SIGIO, POLL_IN);

		}

	}

	spin_unlock_irqrestore(&hiddev->list_lock, flags);

	wake_up_interruptible(&hiddev->wait);

}

static int hiddev_release(struct inode * inode, struct file * file)

{

	struct hiddev_list *list = file->private_data;

	unsigned long flags;

	hiddev_fasync(-1, file, 0);

	spin_lock_irqsave(&list->hiddev->list_lock, flags);

	list_del(&list->node);

	spin_unlock_irqrestore(&list->hiddev->list_lock, flags);

	if (!--list->hiddev->open) {

		if (list->hiddev->exist)

static int hiddev_open(struct inode *inode, struct file *file)

{

	struct hiddev_list *list;

	unsigned long flags;

	int i = iminor(inode) - HIDDEV_MINOR_BASE;

		return -ENOMEM;

	list->hiddev = hiddev_table[i];

	spin_lock_irqsave(&list->hiddev->list_lock, flags);

	list_add_tail(&list->node, &hiddev_table[i]->list);

	spin_unlock_irqrestore(&list->hiddev->list_lock, flags);

	file->private_data = list;

	if (!list->hiddev->open++)

	init_waitqueue_head(&hiddev->wait);

	INIT_LIST_HEAD(&hiddev->list);

	spin_lock_init(&hiddev->list_lock);

	hiddev->hid = hid;

	hiddev->exist = 1;