mmc: block: check for NULL pointer before dereferencing
mmc block data can be NULL. Hence, check for NULL before
dereferencing md.
CRs-Fixed: 562259
Change-Id: I0182c216ec73347cdd2ea464f593839fffd242a9
Signed-off-by: Asutosh Das <asutoshd@codeaurora.org>
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index 6add807..9c6bef6 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -198,9 +198,13 @@
{
int ret;
struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
- struct mmc_card *card = md->queue.card;
+ struct mmc_card *card;
int locked = 0;
+ if (!md)
+ return -EINVAL;
+
+ card = md->queue.card;
if (card->ext_csd.boot_ro_lock & EXT_CSD_BOOT_WP_B_PERM_WP_EN)
locked = 2;
else if (card->ext_csd.boot_ro_lock & EXT_CSD_BOOT_WP_B_PWR_WP_EN)
@@ -226,6 +230,8 @@
return count;
md = mmc_blk_get(dev_to_disk(dev));
+ if (!md)
+ return -EINVAL;
card = md->queue.card;
mmc_rpm_hold(card->host, &card->dev);
@@ -265,6 +271,9 @@
int ret;
struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
+ if (!md)
+ return -EINVAL;
+
ret = snprintf(buf, PAGE_SIZE, "%d",
get_disk_ro(dev_to_disk(dev)) ^
md->read_only);
@@ -279,6 +288,10 @@
char *end;
struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
unsigned long set = simple_strtoul(buf, &end, 0);
+
+ if (!md)
+ return -EINVAL;
+
if (end == buf) {
ret = -EINVAL;
goto out;
@@ -299,6 +312,8 @@
int num_wr_reqs_to_start_packing;
int ret;
+ if (!md)
+ return -EINVAL;
num_wr_reqs_to_start_packing = md->queue.num_wr_reqs_to_start_packing;
ret = snprintf(buf, PAGE_SIZE, "%d\n", num_wr_reqs_to_start_packing);
@@ -314,9 +329,13 @@
{
int value;
struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
- struct mmc_card *card = md->queue.card;
+ struct mmc_card *card;
int ret = count;
+ if (!md)
+ return -EINVAL;
+
+ card = md->queue.card;
if (!card) {
ret = -EINVAL;
goto exit;
@@ -348,9 +367,13 @@
struct device_attribute *attr, char *buf)
{
struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
- struct mmc_card *card = md->queue.card;
+ struct mmc_card *card;
int ret;
+ if (!md)
+ return -EINVAL;
+
+ card = md->queue.card;
if (!card)
ret = -EINVAL;
else
@@ -368,10 +391,14 @@
{
int value;
struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
- struct mmc_card *card = md->queue.card;
+ struct mmc_card *card;
unsigned int card_size;
int ret = count;
+ if (!md)
+ return -EINVAL;
+
+ card = md->queue.card;
if (!card) {
ret = -EINVAL;
goto exit;
@@ -409,6 +436,8 @@
struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
int ret;
+ if (!md)
+ return -EINVAL;
ret = snprintf(buf, PAGE_SIZE, "%d\n", md->queue.no_pack_for_random);
mmc_blk_put(md);
@@ -422,9 +451,13 @@
{
int value;
struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
- struct mmc_card *card = md->queue.card;
+ struct mmc_card *card;
int ret = count;
+ if (!md)
+ return -EINVAL;
+
+ card = md->queue.card;
if (!card) {
ret = -EINVAL;
goto exit;
@@ -772,7 +805,7 @@
/* make sure this is a rpmb partition */
if ((!md) || (!(md->area_type & MMC_BLK_DATA_AREA_RPMB))) {
err = -EINVAL;
- goto cmd_done;
+ return err;
}
idata = mmc_blk_ioctl_rpmb_copy_from_user(ic_ptr);