Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 0facf174a540c98c6096829d63eddf93f5f5570c
commit0facf174a540c98c6096829d63eddf93f5f5570c[log] [tgz]
authorSujit Reddy Thumma <sthumma@codeaurora.org>Thu Jun 20 14:11:38 2013 +0530
committerSujit Reddy Thumma <sthumma@codeaurora.org>Fri Jun 21 19:13:24 2013 +0530
treed22c11c9194c866502b5f1341a80187b7f5e8086
parent01db8712c969f16951f2cf3fe1ac0fad94aea194 [diff]
mmc: msm_sdcc: Fix null pointer dereference in msmsdcc_pio_irq()

In a case where, the data transfer is scheduled in PIO mode, the write
data pend feature is enabled and the command corresponding to the data
transfer is timedout, it can happen that the failure recovery mechanism
clears the internal data transfer structure but not the PIO IRQ mask.
Since the msmsdcc_irq() and msmsdcc_pio_irq() are shared IRQ handlers,
the data structures free'd in command timeout interrupt routine might
be accessed in the msmsdcc_pio_irq() causing NULL pointer dereference.
Fix this by clearing PIO IRQ mask before stopping the data transfer.

CRs-Fixed: 498700
Change-Id: If597eed5da1707b8cbfb2c9c305719bf21d0eec5
Signed-off-by: Sujit Reddy Thumma <sthumma@codeaurora.org>
1 file changed
tree: d22c11c9194c866502b5f1341a80187b7f5e8086
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS