mmc: atmel-mci: fix oops in atmci_tasklet_func
authorRodolfo Giometti <giometti@enneenne.com>
Mon, 9 Sep 2013 15:31:59 +0000 (17:31 +0200)
committerChris Ball <cjb@laptop.org>
Thu, 26 Sep 2013 01:46:11 +0000 (21:46 -0400)
In some cases, a NULL pointer dereference happens because data is NULL when
STATE_END_REQUEST case is reached in atmci_tasklet_func.

Cc: <stable@vger.kernel.org> # 3.9+
Signed-off-by: Rodolfo Giometti <giometti@enneenne.com>
Acked-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
drivers/mmc/host/atmel-mci.c

index b8dfe0d..92c1877 100644 (file)
@@ -1810,12 +1810,14 @@ static void atmci_tasklet_func(unsigned long priv)
                        if (unlikely(status)) {
                                host->stop_transfer(host);
                                host->data = NULL;
-                               if (status & ATMCI_DTOE) {
-                                       data->error = -ETIMEDOUT;
-                               } else if (status & ATMCI_DCRCE) {
-                                       data->error = -EILSEQ;
-                               } else {
-                                       data->error = -EIO;
+                               if (data) {
+                                       if (status & ATMCI_DTOE) {
+                                               data->error = -ETIMEDOUT;
+                                       } else if (status & ATMCI_DCRCE) {
+                                               data->error = -EILSEQ;
+                                       } else {
+                                               data->error = -EIO;
+                                       }
                                }
                        }