blob: 74fe49b257eafb42579be935262f45f45ed6fda5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
From 32818d15fe50ef5465fc635252ca4c2c1bcf1673 Mon Sep 17 00:00:00 2001
From: Javi Merino <javi.merino@arm.com>
Date: Wed, 15 Feb 2012 17:36:39 +0100
Subject: [PATCH 12/73] ARM: 7326/2: PL330: fix null pointer dereference in
pl330_chan_ctrl()
commit 46e33c606af8e0caeeca374103189663d877c0d6 upstream.
This fixes the thrd->req_running field being accessed before thrd
is checked for null. The error was introduced in
abb959f: ARM: 7237/1: PL330: Fix driver freeze
Reference: <1326458191-23492-1-git-send-email-mans.rullgard@linaro.org>
Signed-off-by: Mans Rullgard <mans.rullgard@linaro.org>
Acked-by: Javi Merino <javi.merino@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/common/pl330.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/arch/arm/common/pl330.c b/arch/arm/common/pl330.c
index 8d8df74..67abef5 100644
--- a/arch/arm/common/pl330.c
+++ b/arch/arm/common/pl330.c
@@ -1496,12 +1496,13 @@ int pl330_chan_ctrl(void *ch_id, enum pl330_chan_op op)
struct pl330_thread *thrd = ch_id;
struct pl330_dmac *pl330;
unsigned long flags;
- int ret = 0, active = thrd->req_running;
+ int ret = 0, active;
if (!thrd || thrd->free || thrd->dmac->state == DYING)
return -EINVAL;
pl330 = thrd->dmac;
+ active = thrd->req_running;
spin_lock_irqsave(&pl330->lock, flags);
--
1.7.7.4
|