Sometimes, a error occurs just after the Command has been reported
to be successful (CC=1) but before data transfer completes (TC=1).
Setting end_cmd=1 here leads to a NULL pointer dereference of
host->cmd as the command complete has previously been handled.
Set end_cmd only when command complete has not been handled
before, else a NULL pointer dereference occurs.
CC: stable@xxxxxxxxxxxxxxx
Signed-off-by: Venkatraman S <svenkatr@xxxxxx>
---
drivers/mmc/host/omap_hsmmc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c
index 5434fd8..06d2e03 100644
--- a/drivers/mmc/host/omap_hsmmc.c
+++ b/drivers/mmc/host/omap_hsmmc.c
@@ -996,7 +996,8 @@ static void omap_hsmmc_do_irq(struct omap_hsmmc_host *host, int status)
else if (status & (CMD_CRC | DATA_CRC))
hsmmc_command_incomplete(host, -EILSEQ);
- end_cmd = 1;
+ if (host->cmd)
+ end_cmd = 1;
if (host->data || host->response_busy) {
end_trans = 1;
host->response_busy = 0;
--
1.8.0
--
To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
