| From 0c9c99a765321104cc5f9c97f949382a9ba4927e Mon Sep 17 00:00:00 2001 |
| From: Chris Ball <cjb@laptop.org> |
| Date: Wed, 27 Apr 2011 17:35:31 -0400 |
| Subject: mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish |
| |
| From: Chris Ball <cjb@laptop.org> |
| |
| commit 0c9c99a765321104cc5f9c97f949382a9ba4927e upstream. |
| |
| It seems that under certain circumstances the sdhci_tasklet_finish() |
| call can be entered with mrq set to NULL, causing the system to crash |
| with a NULL pointer de-reference. |
| |
| Seen on S3C6410 system. Based on a patch by Dimitris Papastamos. |
| |
| Reported-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com> |
| Signed-off-by: Chris Ball <cjb@laptop.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/mmc/host/sdhci.c | 7 +++++++ |
| 1 file changed, 7 insertions(+) |
| |
| --- a/drivers/mmc/host/sdhci.c |
| +++ b/drivers/mmc/host/sdhci.c |
| @@ -1266,6 +1266,13 @@ static void sdhci_tasklet_finish(unsigne |
| |
| host = (struct sdhci_host*)param; |
| |
| + /* |
| + * If this tasklet gets rescheduled while running, it will |
| + * be run again afterwards but without any active request. |
| + */ |
| + if (!host->mrq) |
| + return; |
| + |
| spin_lock_irqsave(&host->lock, flags); |
| |
| del_timer(&host->timer); |
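Review bot: The added `if (!host->mrq) return;` test reads host->mrq before `spin_lock_irqsave(&host->lock, flags);` is taken, so the NULL check is not in the same critical section as whatever later dereferences the request. If another context can clear host->mrq between the test and the lock (its writers are not visible in this hunk, so this is inferred), the crash described in the commit message could still occur in a narrower window. Consider taking the lock first and testing under it, with `spin_unlock_irqrestore(&host->lock, flags);` before the early `return;`. The body of sdhci_tasklet_finish starts and ends outside the hunk, so the later uses of host->mrq should be checked against the full function.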