Commit 0c9c99a7 authored by Chris Ball's avatar Chris Ball

mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish

It seems that under certain circumstances the sdhci_tasklet_finish()
call can be entered with mrq set to NULL, causing the system to crash
with a NULL pointer de-reference.

Seen on S3C6410 system.  Based on a patch by Dimitris Papastamos.
Reported-by: default avatarDimitris Papastamos <dp@opensource.wolfsonmicro.com>
Cc: <stable@kernel.org>
Signed-off-by: default avatarChris Ball <cjb@laptop.org>
parent b7b4d342
...@@ -1334,6 +1334,13 @@ static void sdhci_tasklet_finish(unsigned long param) ...@@ -1334,6 +1334,13 @@ static void sdhci_tasklet_finish(unsigned long param)
host = (struct sdhci_host*)param; host = (struct sdhci_host*)param;
/*
* If this tasklet gets rescheduled while running, it will
* be run again afterwards but without any active request.
*/
if (!host->mrq)
return;
spin_lock_irqsave(&host->lock, flags); spin_lock_irqsave(&host->lock, flags);
del_timer(&host->timer); del_timer(&host->timer);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment