aboutsummaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorJavi Merino <javi.merino@arm.com>2012-02-15 11:36:39 -0500
committerRussell King <rmk+kernel@arm.linux.org.uk>2012-02-15 16:10:49 -0500
commit46e33c606af8e0caeeca374103189663d877c0d6 (patch)
treea1f97d7fd9af85b6f505c166222152192c11c1bb /arch
parent4272f98a1ae81709fc5c804c33c044064e419cd9 (diff)
ARM: 7326/2: PL330: fix null pointer dereference in pl330_chan_ctrl()
This fixes the thrd->req_running field being accessed before thrd is checked for null. The error was introduced in abb959f: ARM: 7237/1: PL330: Fix driver freeze Reference: <1326458191-23492-1-git-send-email-mans.rullgard@linaro.org> Cc: stable@kernel.org Signed-off-by: Mans Rullgard <mans.rullgard@linaro.org> Acked-by: Javi Merino <javi.merino@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Diffstat (limited to 'arch')
-rw-r--r--arch/arm/common/pl330.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/arm/common/pl330.c b/arch/arm/common/pl330.c
index d8e44a43047c..ff3ad2244824 100644
--- a/arch/arm/common/pl330.c
+++ b/arch/arm/common/pl330.c
@@ -1502,12 +1502,13 @@ int pl330_chan_ctrl(void *ch_id, enum pl330_chan_op op)
1502 struct pl330_thread *thrd = ch_id; 1502 struct pl330_thread *thrd = ch_id;
1503 struct pl330_dmac *pl330; 1503 struct pl330_dmac *pl330;
1504 unsigned long flags; 1504 unsigned long flags;
1505 int ret = 0, active = thrd->req_running; 1505 int ret = 0, active;
1506 1506
1507 if (!thrd || thrd->free || thrd->dmac->state == DYING) 1507 if (!thrd || thrd->free || thrd->dmac->state == DYING)
1508 return -EINVAL; 1508 return -EINVAL;
1509 1509
1510 pl330 = thrd->dmac; 1510 pl330 = thrd->dmac;
1511 active = thrd->req_running;
1511 1512
1512 spin_lock_irqsave(&pl330->lock, flags); 1513 spin_lock_irqsave(&pl330->lock, flags);
1513 1514