From 46e33c606af8e0caeeca374103189663d877c0d6 Mon Sep 17 00:00:00 2001 From: Javi Merino Date: Wed, 15 Feb 2012 17:36:39 +0100 Subject: ARM: 7326/2: PL330: fix null pointer dereference in pl330_chan_ctrl() This fixes the thrd->req_running field being accessed before thrd is checked for null. The error was introduced in abb959f: ARM: 7237/1: PL330: Fix driver freeze Reference: <1326458191-23492-1-git-send-email-mans.rullgard@linaro.org> Cc: stable@kernel.org Signed-off-by: Mans Rullgard Acked-by: Javi Merino Signed-off-by: Russell King --- arch/arm/common/pl330.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'arch/arm/common') diff --git a/arch/arm/common/pl330.c b/arch/arm/common/pl330.c index d8e44a43047c..ff3ad2244824 100644 --- a/arch/arm/common/pl330.c +++ b/arch/arm/common/pl330.c @@ -1502,12 +1502,13 @@ int pl330_chan_ctrl(void *ch_id, enum pl330_chan_op op) struct pl330_thread *thrd = ch_id; struct pl330_dmac *pl330; unsigned long flags; - int ret = 0, active = thrd->req_running; + int ret = 0, active; if (!thrd || thrd->free || thrd->dmac->state == DYING) return -EINVAL; pl330 = thrd->dmac; + active = thrd->req_running; spin_lock_irqsave(&pl330->lock, flags); -- cgit v1.2.3