From: ChanWoo Lee <cw9316.lee@xxxxxxxxxxx>
In sdhci_cqe_enable(), a NULL value is used as an argument.
* sdhci_set_timeout(host, NULL);
-> __sdhci_set_timeout(host, cmd);
-> sdhci_calc_sw_timeout(host,cmd)
The current code doesn't have any problems with the 'too_big' variable.
-------------------------------------------------------------------------
void __sdhci_set_timeout(struct sdhci_host *host, struct mmc_command *cmd)
{
bool too_big = false;
u8 count = sdhci_calc_timeout(host, cmd, &too_big);
if (too_big &&
host->quirks2 & SDHCI_QUIRK2_DISABLE_HW_TIMEOUT) {
sdhci_calc_sw_timeout(host, cmd);
}
------------------------------------------------------------------------
However, if the code related to the 'too_big' variable changes
a null value may be used in the sdhci_calc_sw_timeout function.
To remove this dependency, add code to check 'cmd' once more.
Signed-off-by: ChanWoo Lee <cw9316.lee@xxxxxxxxxxx>
---
drivers/mmc/host/sdhci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
index 7689ffec5ad1..e5a840097308 100644
--- a/drivers/mmc/host/sdhci.c
+++ b/drivers/mmc/host/sdhci.c
@@ -1029,7 +1029,7 @@ void __sdhci_set_timeout(struct sdhci_host *host, struct mmc_command *cmd)
bool too_big = false;
u8 count = sdhci_calc_timeout(host, cmd, &too_big);
- if (too_big &&
+ if (too_big && cmd &&
host->quirks2 & SDHCI_QUIRK2_DISABLE_HW_TIMEOUT) {
sdhci_calc_sw_timeout(host, cmd);
sdhci_set_data_timeout_irq(host, false);
--
2.29.0
