From: Javi Merino
Date: Wed, 15 Feb 2012 16:36:39 +0000 (+0100)
Subject: ARM: 7326/2: PL330: fix null pointer dereference in pl330_chan_ctrl()
X-Git-Tag: submit/tizen_common/20140905.094502~5824^2~15
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=46e33c606af8e0caeeca374103189663d877c0d6;p=sdk%2Femulator%2Femulator-kernel.git

ARM: 7326/2: PL330: fix null pointer dereference in pl330_chan_ctrl()

This fixes the thrd->req_running field being accessed before thrd is checked for null. The error was introduced in

abb959f: ARM: 7237/1: PL330: Fix driver freeze

Reference: <1326458191-23492-1-git-send-email-mans.rullgard@linaro.org>
Cc: stable@kernel.org
Signed-off-by: Mans Rullgard
Acked-by: Javi Merino
Signed-off-by: Russell King
---
diff --git a/arch/arm/common/pl330.c b/arch/arm/common/pl330.c index d8e44a43047c..ff3ad2244824 100644 --- a/arch/arm/common/pl330.c +++ b/arch/arm/common/pl330.c @@ -1502,12 +1502,13 @@ int pl330_chan_ctrl(void *ch_id, enum pl330_chan_op op) struct pl330_thread *thrd = ch_id; struct pl330_dmac *pl330; unsigned long flags; - int ret = 0, active = thrd->req_running; + int ret = 0, active; if (!thrd || thrd->free || thrd->dmac->state == DYING) return -EINVAL; pl330 = thrd->dmac; + active = thrd->req_running; spin_lock_irqsave(&pl330->lock, flags);
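
Review bot: the added `active = thrd->req_running;` sits before `spin_lock_irqsave(&pl330->lock, flags);`, so the value is sampled without the lock held. If req_running is written under pl330->lock elsewhere in the driver (not visible in this hunk), move the assignment to just after the lock is taken so that `active` matches the state the locked section works on. The guard `if (!thrd || thrd->free || thrd->dmac->state == DYING)` has the same property and also dereferences `thrd->dmac` with no NULL test of its own; a short comment stating why that pointer cannot be NULL for a non-free thread would help. The reordering itself is correct: the old initializer read thrd->req_running ahead of the `!thrd` test, so a NULL ch_id was dereferenced before -EINVAL could be returned.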