Re: [PATCH 0/2] Race fixes in sdhci

Hi Mark,

On Wed, Apr 27 2011, Mark Brown wrote:
> Ben Dooks (1):
>       MMC: SDHCI: Check mrq->cmd in sdhci_tasklet_finish
>
> Dimitris Papastamos (1):
>       MMC: SDHCI: Check mrq != NULL in sdhci_tasklet_finish

Thanks.  I've merged Ben's patch for .39, and also:

From: Chris Ball <cjb@xxxxxxxxxx>
Subject: [PATCH] mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish

It seems that under certain circumstances the sdhci_tasklet_finish()
call can be entered with mrq set to NULL, causing the system to crash
with a NULL pointer de-reference.

Seen on S3C6410 system.  Based on a patch by Dimitris Papastamos.

Reported-by: Dimitris Papastamos <dp@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxx>
Signed-off-by: Chris Ball <cjb@xxxxxxxxxx>
---
 drivers/mmc/host/sdhci.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
index e4084a3..f197c67 100644
--- a/drivers/mmc/host/sdhci.c
+++ b/drivers/mmc/host/sdhci.c
@@ -1808,6 +1808,13 @@ static void sdhci_tasklet_finish(unsigned long param)
 
 	host = (struct sdhci_host*)param;
 
+        /*
+         * If this tasklet gets rescheduled while running, it will
+         * be run again afterwards but without any active request.
+         */
+	if (!host->mrq)
+		return;
+
 	spin_lock_irqsave(&host->lock, flags);
 
 	del_timer(&host->timer);
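Review bot: The `if (!host->mrq)` test at the top of sdhci_tasklet_finish() reads host->mrq before `spin_lock_irqsave(&host->lock, flags)` is taken, so the check is not serialized against any path that updates mrq under the lock. Consider moving the test to just after the lock is acquired, with a matching `spin_unlock_irqrestore(&host->lock, flags)` before the early return, or extend the comment to state why an unlocked read is sufficient here. The comment describes the symptom (the tasklet running again with no active request) but not which path reschedules it; naming that path would help anyone auditing this race later. Minor style point: the new comment block is indented with spaces while the `if` and the surrounding code use tabs.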
-- 
Chris Ball   <cjb@xxxxxxxxxx>   <http://printf.net/>
One Laptop Per Child