mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish

commit 0c9c99a765321104cc5f9c97f949382a9ba4927e upstream. It seems that under certain circumstances the sdhci_tasklet_finish() call can be entered with mrq set to NULL, causing the system to crash with a NULL pointer de-reference. Seen on S3C6410 system. Based on a patch by Dimitris Papastamos. Reported-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Chris Ball <cjb@laptop.org> 2011-04-27 17:35:31 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2011-05-09 16:04:43 -0700
commit: 92b2e2e2e402a2d6bc2858b8a96965f33f614315 (patch)
tree: bbf794ac2822d19eb0c60b33571bd83ec22eaf03
parent: e4fc1e247b5ab8664356a4d537c15af8c0bcb302 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
index 0b388cc3a242..e6c65a78c46c 100644
--- a/drivers/mmc/host/sdhci.c
+++ b/drivers/mmc/host/sdhci.c
@@ -1266,6 +1266,13 @@ static void sdhci_tasklet_finish(unsigned long param)
 
 	host = (struct sdhci_host*)param;
 
+        /*
+         * If this tasklet gets rescheduled while running, it will
+         * be run again afterwards but without any active request.
+         */
+	if (!host->mrq)
+		return;
+
 	spin_lock_irqsave(&host->lock, flags);
 
 	del_timer(&host->timer);
author	Chris Ball <cjb@laptop.org>	2011-04-27 17:35:31 -0400
committer	Greg Kroah-Hartman <gregkh@suse.de>	2011-05-09 16:04:43 -0700
commit	92b2e2e2e402a2d6bc2858b8a96965f33f614315 (patch)
tree	bbf794ac2822d19eb0c60b33571bd83ec22eaf03
parent	e4fc1e247b5ab8664356a4d537c15af8c0bcb302 (diff)