From bb08a7d489bd22a9b6e489f8c8449b0bc92594d0 Mon Sep 17 00:00:00 2001 From: Rabin Vincent Date: Wed, 19 Aug 2015 15:41:35 +0200 Subject: mmc: usdhi6rol0: fix NULL pointer deref in debug print host->sg is only set when we're transferring multiple blocks. Check for its availibility before dereferencing it in the timeout work debug print. Signed-off-by: Rabin Vincent Signed-off-by: Ulf Hansson --- drivers/mmc/host/usdhi6rol0.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'drivers/mmc') diff --git a/drivers/mmc/host/usdhi6rol0.c b/drivers/mmc/host/usdhi6rol0.c index 63d5d722b01f..4188e84ea450 100644 --- a/drivers/mmc/host/usdhi6rol0.c +++ b/drivers/mmc/host/usdhi6rol0.c @@ -1634,6 +1634,7 @@ static void usdhi6_timeout_work(struct work_struct *work) struct usdhi6_host *host = container_of(d, struct usdhi6_host, timeout_work); struct mmc_request *mrq = host->mrq; struct mmc_data *data = mrq ? mrq->data : NULL; + struct scatterlist *sg = host->sg ?: data->sg; dev_warn(mmc_dev(host->mmc), "%s timeout wait %u CMD%d: IRQ 0x%08x:0x%08x, last IRQ 0x%08x\n", @@ -1669,7 +1670,7 @@ static void usdhi6_timeout_work(struct work_struct *work) "%c: page #%u @ +0x%zx %ux%u in SG%u. Current SG %u bytes @ %u\n", data->flags & MMC_DATA_READ ? 'R' : 'W', host->page_idx, host->offset, data->blocks, data->blksz, data->sg_len, - sg_dma_len(host->sg), host->sg->offset); + sg_dma_len(sg), sg->offset); usdhi6_sg_unmap(host, true); /* * If USDHI6_WAIT_FOR_DATA_END times out, we have already unmapped -- cgit v1.2.3-59-g8ed1b