ARM: 7326/2: PL330: fix null pointer dereference in pl330_chan_ctrl()
author Javi Merino <javi.merino@arm.com>
Wed, 15 Feb 2012 16:36:39 +0000 (17:36 +0100)
committer Russell King <rmk+kernel@arm.linux.org.uk>
Wed, 15 Feb 2012 21:10:49 +0000 (21:10 +0000)
This fixes the thrd->req_running field being accessed before thrd
is checked for null. The error was introduced in

   abb959f: ARM: 7237/1: PL330: Fix driver freeze

Reference: <1326458191-23492-1-git-send-email-mans.rullgard@linaro.org>

Cc: stable@kernel.org
Signed-off-by: Mans Rullgard <mans.rullgard@linaro.org>
Acked-by: Javi Merino <javi.merino@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
arch/arm/common/pl330.c

index d8e44a43047ce5cce3a2db34b9368eafe157f579..ff3ad22448247bcc18bbc9c185563a0adf88ff18 100644 (file)
@@ -1502,12 +1502,13 @@ int pl330_chan_ctrl(void *ch_id, enum pl330_chan_op op)
        struct pl330_thread *thrd = ch_id;
        struct pl330_dmac *pl330;
        unsigned long flags;
-       int ret = 0, active = thrd->req_running;
+       int ret = 0, active;
 
        if (!thrd || thrd->free || thrd->dmac->state == DYING)
                return -EINVAL;
 
        pl330 = thrd->dmac;
+       active = thrd->req_running;
 
        spin_lock_irqsave(&pl330->lock, flags);
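
Review bot: the relocated read `active = thrd->req_running;` sits just before `spin_lock_irqsave(&pl330->lock, flags);`, so the flag is still sampled outside the lock. If req_running is updated under pl330->lock elsewhere (not visible in this hunk), consider moving the assignment to the line right after the spin_lock_irqsave() call; that keeps the NULL-check ordering this patch fixes and avoids acting on a stale value. The thrd->free and thrd->dmac->state tests in the same `if` are likewise evaluated unlocked, and a short comment stating why that is safe would help the next reader.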