From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 22 Feb 2012 21:26:55 +0000 (-0800)
Subject: 3.2-stable patches
X-Git-Tag: v3.2.8~19
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=07adc7dd4586c3075e3175a69c3fb25608f65330;p=thirdparty%2Fkernel%2Fstable-queue.git

3.2-stable patches

added patches:
	arm-7326-2-pl330-fix-null-pointer-dereference-in-pl330_chan_ctrl.patch
---

diff --git a/queue-3.2/arm-7326-2-pl330-fix-null-pointer-dereference-in-pl330_chan_ctrl.patch b/queue-3.2/arm-7326-2-pl330-fix-null-pointer-dereference-in-pl330_chan_ctrl.patch
new file mode 100644
index 00000000000..34a2a7fb8bf
--- /dev/null
+++ b/queue-3.2/arm-7326-2-pl330-fix-null-pointer-dereference-in-pl330_chan_ctrl.patch
@@ -0,0 +1,42 @@
+From 46e33c606af8e0caeeca374103189663d877c0d6 Mon Sep 17 00:00:00 2001
+From: Javi Merino <javi.merino@arm.com>
+Date: Wed, 15 Feb 2012 17:36:39 +0100
+Subject: ARM: 7326/2: PL330: fix null pointer dereference in pl330_chan_ctrl()
+
+From: Javi Merino <javi.merino@arm.com>
+
+commit 46e33c606af8e0caeeca374103189663d877c0d6 upstream.
+
+This fixes the thrd->req_running field being accessed before thrd
+is checked for null. The error was introduced in
+
+   abb959f: ARM: 7237/1: PL330: Fix driver freeze
+
+Reference: <1326458191-23492-1-git-send-email-mans.rullgard@linaro.org>
+
+Signed-off-by: Mans Rullgard <mans.rullgard@linaro.org>
+Acked-by: Javi Merino <javi.merino@arm.com>
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/common/pl330.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/arm/common/pl330.c
++++ b/arch/arm/common/pl330.c
+@@ -1496,12 +1496,13 @@ int pl330_chan_ctrl(void *ch_id, enum pl
+ 	struct pl330_thread *thrd = ch_id;
+ 	struct pl330_dmac *pl330;
+ 	unsigned long flags;
+-	int ret = 0, active = thrd->req_running;
++	int ret = 0, active;
+ 
+ 	if (!thrd || thrd->free || thrd->dmac->state == DYING)
+ 		return -EINVAL;
+ 
+ 	pl330 = thrd->dmac;
++	active = thrd->req_running;
+ 
+ 	spin_lock_irqsave(&pl330->lock, flags);
+ 
diff --git a/queue-3.2/series b/queue-3.2/series
index 82bf52504cd..cc8368fd5f9 100644
--- a/queue-3.2/series
+++ b/queue-3.2/series
@@ -8,3 +8,4 @@ regmap-fix-cache-defaults-initialization-from-raw-cache-defaults.patch
 ecryptfs-copy-up-lower-inode-attrs-after-setting-lower-xattr.patch
 correct-ktime-to-tod-clock-comparator-conversion.patch
 vfs-fix-d_inode_lookup-dentry-ref-leak.patch
+arm-7326-2-pl330-fix-null-pointer-dereference-in-pl330_chan_ctrl.patch