From: Geoff Lansberry <geoff@kuvee.com> To: linux-wireless@vger.kernel.org Cc: lauro.venancio@openbossa.org, aloisio.almeida@openbossa.org, sameo@linux.intel.com, robh+dt@kernel.org, mark.rutland@arm.com, netdev@vger.kernel.org, devicetree@vger.kernel.org, linux-kernel@vger.kernel.org, mgreer@animalcreek.com, justin@kuvee.com, Jaret Cantu <jaret.cantu@timesys.com>, Geoff Lansberry <geoff@kuvee.com> Subject: [PATCH 3/3] nfc: trf7970a: Prevent repeated polling from crashing the kernel Date: Tue, 20 Dec 2016 11:16:32 -0500 [thread overview] Message-ID: <1482250592-4268-3-git-send-email-glansberry@gmail.com> (raw) In-Reply-To: <1482250592-4268-1-git-send-email-glansberry@gmail.com> From: Jaret Cantu <jaret.cantu@timesys.com> Repeated polling attempts cause a NULL dereference error to occur. This is because the state of the trf7970a is currently reading but another request has been made to send a command before it has finished. The solution is to properly kill the waiting reading (workqueue) before failing on the send. --- drivers/nfc/trf7970a.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/nfc/trf7970a.c b/drivers/nfc/trf7970a.c index 8a88195..5916737 100644 --- a/drivers/nfc/trf7970a.c +++ b/drivers/nfc/trf7970a.c @@ -1496,6 +1496,10 @@ static int trf7970a_send_cmd(struct nfc_digital_dev *ddev, (trf->state != TRF7970A_ST_IDLE_RX_BLOCKED)) { dev_err(trf->dev, "%s - Bogus state: %d\n", __func__, trf->state); + if (trf->state == TRF7970A_ST_WAIT_FOR_RX_DATA || + trf->state == TRF7970A_ST_WAIT_FOR_RX_DATA_CONT) + trf->ignore_timeout = + !cancel_delayed_work(&trf->timeout_work); ret = -EIO; goto out_err; } -- Signed-off-by: Geoff Lansberry <geoff@kuvee.com>
next prev parent reply other threads:[~2016-12-20 16:17 UTC|newest] Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2016-12-20 16:16 [PATCH 1/3] NFC: trf7970a: add device tree option for 27MHz clock Geoff Lansberry 2016-12-20 16:16 ` [PATCH 2/3] NFC: trf7970a: Add device tree option of 1.8 Volt IO voltage Geoff Lansberry 2016-12-21 2:23 ` Mark Greer 2016-12-21 11:47 ` Geoff Lansberry 2016-12-21 16:13 ` Mark Greer 2016-12-20 16:16 ` Geoff Lansberry [this message] 2016-12-20 18:59 ` [PATCH 3/3] nfc: trf7970a: Prevent repeated polling from crashing the kernel Mark Greer 2016-12-20 19:13 ` Justin Bronder 2016-12-20 19:56 ` Mark Greer 2016-12-20 17:58 ` [PATCH 1/3] NFC: trf7970a: add device tree option for 27MHz clock Jones Desougi 2016-12-20 18:11 ` Mark Greer 2016-12-20 18:29 ` Geoff Lansberry 2016-12-20 18:35 ` Mark Greer -- strict thread matches above, loose matches on Subject: below -- 2016-12-20 16:10 Geoff Lansberry 2016-12-20 16:10 ` [PATCH 3/3] nfc: trf7970a: Prevent repeated polling from crashing the kernel Geoff Lansberry 2016-12-15 22:30 [PATCH 1/3] NFC: trf7970a: add device tree option for 27MHz clock Geoff Lansberry 2016-12-15 22:30 ` [PATCH 3/3] nfc: trf7970a: Prevent repeated polling from crashing the kernel Geoff Lansberry 2016-12-16 1:18 ` Mark Greer
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1482250592-4268-3-git-send-email-glansberry@gmail.com \ --to=geoff@kuvee.com \ --cc=aloisio.almeida@openbossa.org \ --cc=devicetree@vger.kernel.org \ --cc=jaret.cantu@timesys.com \ --cc=justin@kuvee.com \ --cc=lauro.venancio@openbossa.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-wireless@vger.kernel.org \ --cc=mark.rutland@arm.com \ --cc=mgreer@animalcreek.com \ --cc=netdev@vger.kernel.org \ --cc=robh+dt@kernel.org \ --cc=sameo@linux.intel.com \ --subject='Re: [PATCH 3/3] nfc: trf7970a: Prevent repeated polling from crashing the kernel' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).