[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1482250592-4268-3-git-send-email-glansberry@gmail.com>
Date: Tue, 20 Dec 2016 11:16:32 -0500
From: Geoff Lansberry <geoff@...ee.com>
To: linux-wireless@...r.kernel.org
Cc: lauro.venancio@...nbossa.org, aloisio.almeida@...nbossa.org,
sameo@...ux.intel.com, robh+dt@...nel.org, mark.rutland@....com,
netdev@...r.kernel.org, devicetree@...r.kernel.org,
linux-kernel@...r.kernel.org, mgreer@...malcreek.com,
justin@...ee.com, Jaret Cantu <jaret.cantu@...esys.com>,
Geoff Lansberry <geoff@...ee.com>
Subject: [PATCH 3/3] nfc: trf7970a: Prevent repeated polling from crashing the kernel
From: Jaret Cantu <jaret.cantu@...esys.com>
Repeated polling attempts cause a NULL dereference error to occur.
This is because the state of the trf7970a is currently reading but
another request has been made to send a command before it has finished.
The solution is to properly kill the waiting reading (workqueue)
before failing on the send.
---
drivers/nfc/trf7970a.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/nfc/trf7970a.c b/drivers/nfc/trf7970a.c
index 8a88195..5916737 100644
--- a/drivers/nfc/trf7970a.c
+++ b/drivers/nfc/trf7970a.c
@@ -1496,6 +1496,10 @@ static int trf7970a_send_cmd(struct nfc_digital_dev *ddev,
(trf->state != TRF7970A_ST_IDLE_RX_BLOCKED)) {
dev_err(trf->dev, "%s - Bogus state: %d\n", __func__,
trf->state);
+ if (trf->state == TRF7970A_ST_WAIT_FOR_RX_DATA ||
+ trf->state == TRF7970A_ST_WAIT_FOR_RX_DATA_CONT)
+ trf->ignore_timeout =
+ !cancel_delayed_work(&trf->timeout_work);
ret = -EIO;
goto out_err;
}
--
Signed-off-by: Geoff Lansberry <geoff@...ee.com>
Powered by blists - more mailing lists