| Message ID | 1352220737-14071-2-git-send-email-svenkatr@ti.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tuesday 06 November 2012 10:22 PM, Venkatraman S wrote: > Sometimes, a error occurs just after the Command has been reported > to be successful (CC=1) but before data transfer completes (TC=1). > Setting end_cmd=1 here leads to a NULL pointer dereference of > host->cmd as the command complete has previously been handled. > > Set end_cmd only when command complete has not been handled > before, else a NULL pointer dereference occurs. > > CC: stable@vger.kernel.org Removing stable list as this is not applicable for previous major release. Sent a patch to fix the same in different way. > Signed-off-by: Venkatraman S <svenkatr@ti.com> > --- > drivers/mmc/host/omap_hsmmc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c > index 5434fd8..06d2e03 100644 > --- a/drivers/mmc/host/omap_hsmmc.c > +++ b/drivers/mmc/host/omap_hsmmc.c > @@ -996,7 +996,8 @@ static void omap_hsmmc_do_irq(struct omap_hsmmc_host *host, int status) > else if (status & (CMD_CRC | DATA_CRC)) > hsmmc_command_incomplete(host, -EILSEQ); > > - end_cmd = 1; > + if (host->cmd) > + end_cmd = 1; > if (host->data || host->response_busy) { > end_trans = 1; > host->response_busy = 0; > -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c index 5434fd8..06d2e03 100644 --- a/drivers/mmc/host/omap_hsmmc.c +++ b/drivers/mmc/host/omap_hsmmc.c @@ -996,7 +996,8 @@ static void omap_hsmmc_do_irq(struct omap_hsmmc_host *host, int status) else if (status & (CMD_CRC | DATA_CRC)) hsmmc_command_incomplete(host, -EILSEQ); - end_cmd = 1; + if (host->cmd) + end_cmd = 1; if (host->data || host->response_busy) { end_trans = 1; host->response_busy = 0;
Sometimes, a error occurs just after the Command has been reported to be successful (CC=1) but before data transfer completes (TC=1). Setting end_cmd=1 here leads to a NULL pointer dereference of host->cmd as the command complete has previously been handled. Set end_cmd only when command complete has not been handled before, else a NULL pointer dereference occurs. CC: stable@vger.kernel.org Signed-off-by: Venkatraman S <svenkatr@ti.com> --- drivers/mmc/host/omap_hsmmc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)