From: Gavin Lambert <gavinl@compacsort.com>
Date: Thu, 2 Nov 2017 19:47:43 +1300

ecrt_slave_config_state can very rarely trigger a NULL BUG or other weirdness
if called while a rescan is in progress.

diff --git a/master/ioctl.c b/master/ioctl.c
--- a/master/ioctl.c
+++ b/master/ioctl.c
@@ -3170,14 +3170,19 @@ static ATTRIBUTES int ec_ioctl_sc_state(
         return -EFAULT;
     }
 
-    /* no locking of master_sem needed, because sc will not be deleted in the
-     * meantime. */
-
     if (!(sc = ec_master_get_config_const(master, data.config_index))) {
         return -ENOENT;
     }
 
+    /* we don't need to lock master_sem earlier, because sc will not be
+     * deleted in the meantime; but sc->slave might be modified if a
+     * rescan is in progress during this call, which could cause issues */
+
+    if (ec_lock_down_interruptible(&master->master_sem))
+        return -EINTR;
+
     ecrt_slave_config_state(sc, &state);
+    ec_lock_up(&master->master_sem);
 
     if (copy_to_user((void __user *) data.state, &state, sizeof(state)))
         return -EFAULT;
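Review bot: Taking master_sem around the ecrt_slave_config_state() call only closes the race if every writer of sc->slave (the rescan path the commit message names) also updates it under master_sem; the new comment relies on that invariant, so I'd state it instead of the vague "could cause issues", e.g. `/* sc->slave is reassigned by the rescan path under master_sem; hold it so ecrt_slave_config_state() sees a consistent slave pointer */`. The same comment keeps the ec_master_get_config_const() lookup unlocked on the assertion that sc cannot be deleted meanwhile; if that holds, it is worth saying what serializes config deletion against this ioctl, since a reader cannot confirm it from this function and the commit message says it could previously trigger a NULL dereference. Leaving copy_to_user() after ec_lock_up() on a local copy of state is the right shape, since the copy may fault and sleep. A small style point: the new `if (ec_lock_down_interruptible(&master->master_sem)) return -EINTR;` is braceless while the -EFAULT and -ENOENT checks just above it use braces. ec_ioctl_sc_state() begins before and ends after this hunk.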
