diff options
| author | Asutosh Das <asutoshd@codeaurora.org> | 2014-12-09 10:15:53 +0200 |
|---|---|---|
| committer | Subhash Jadavani <subhashj@codeaurora.org> | 2016-05-31 15:25:57 -0700 |
| commit | 2f6c967231f2a4f6ee64bbefd372444efc210c1b (patch) | |
| tree | 7cfc44d1a32ba1e04e7b2c46bad7016c0a860e5e /drivers/mmc | |
| parent | e357ffba06233e026eba30d2348d4b524f2b4f9e (diff) | |
mmc: block: check for NULL pointer before dereferencing
mmc block data can be NULL. Hence, check for NULL before
dereferencing md.
CRs-Fixed: 562259
Change-Id: I0182c216ec73347cdd2ea464f593839fffd242a9
Signed-off-by: Asutosh Das <asutoshd@codeaurora.org>
[merez@codeaurora.org: fix conflicts due to removal of BKOPS statistics]
Signed-off-by: Maya Erez <merez@codeaurora.org>
[subhashj@codeaurora.org: fixed trivial merge conflicts]
Signed-off-by: Subhash Jadavani <subhashj@codeaurora.org>
Diffstat (limited to 'drivers/mmc')
| -rw-r--r-- | drivers/mmc/card/block.c | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index 9eb7061038af..27c3cb27d395 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -211,9 +211,13 @@ static ssize_t power_ro_lock_show(struct device *dev, { int ret; struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev)); - struct mmc_card *card = md->queue.card; + struct mmc_card *card; int locked = 0; + if (!md) + return -EINVAL; + + card = md->queue.card; if (card->ext_csd.boot_ro_lock & EXT_CSD_BOOT_WP_B_PERM_WP_EN) locked = 2; else if (card->ext_csd.boot_ro_lock & EXT_CSD_BOOT_WP_B_PWR_WP_EN) @@ -241,6 +245,8 @@ static ssize_t power_ro_lock_store(struct device *dev, return count; md = mmc_blk_get(dev_to_disk(dev)); + if (!md) + return -EINVAL; card = md->queue.card; mmc_get_card(card); @@ -278,6 +284,9 @@ static ssize_t force_ro_show(struct device *dev, struct device_attribute *attr, int ret; struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev)); + if (!md) + return -EINVAL; + ret = snprintf(buf, PAGE_SIZE, "%d\n", get_disk_ro(dev_to_disk(dev)) ^ md->read_only); @@ -292,6 +301,10 @@ static ssize_t force_ro_store(struct device *dev, struct device_attribute *attr, char *end; struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev)); unsigned long set = simple_strtoul(buf, &end, 0); + + if (!md) + return -EINVAL; + if (end == buf) { ret = -EINVAL; goto out; @@ -312,6 +325,8 @@ num_wr_reqs_to_start_packing_show(struct device *dev, int num_wr_reqs_to_start_packing; int ret; + if (!md) + return -EINVAL; num_wr_reqs_to_start_packing = md->queue.num_wr_reqs_to_start_packing; ret = snprintf(buf, PAGE_SIZE, "%d\n", num_wr_reqs_to_start_packing); @@ -327,9 +342,13 @@ num_wr_reqs_to_start_packing_store(struct device *dev, { int value; struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev)); - struct mmc_card *card = md->queue.card; + struct mmc_card *card; int ret = count; + if (!md) + return -EINVAL; + + card = md->queue.card; if (!card) { ret = -EINVAL; goto exit; @@ -363,6 +382,8 @@ no_pack_for_random_show(struct device *dev, struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev)); int ret; + if (!md) + return -EINVAL; ret = snprintf(buf, PAGE_SIZE, "%d\n", md->queue.no_pack_for_random); mmc_blk_put(md); @@ -376,9 +397,13 @@ no_pack_for_random_store(struct device *dev, { int value; struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev)); - struct mmc_card *card = md->queue.card; + struct mmc_card *card; int ret = count; + if (!md) + return -EINVAL; + + card = md->queue.card; if (!card) { ret = -EINVAL; goto exit; @@ -735,7 +760,7 @@ static int mmc_blk_ioctl_rpmb_cmd(struct block_device *bdev, /* make sure this is a rpmb partition */ if ((!md) || (!(md->area_type & MMC_BLK_DATA_AREA_RPMB))) { err = -EINVAL; - goto cmd_done; + return err; } idata = mmc_blk_ioctl_rpmb_copy_from_user(ic_ptr); |