[PATCH 3/3] nfc: trf7970a: Prevent repeated polling from crashing the kernel

[PATCH 1/3] NFC: trf7970a: add device tree option for 27MHz clock · Geoff Lansberry <hidden> · 2016-12-20
[PATCH 2/3] NFC: trf7970a: Add device tree option of 1.8 Volt IO voltage · Geoff Lansberry <hidden> · 2016-12-20
Re: [PATCH 2/3] NFC: trf7970a: Add device tree option of 1.8 Volt IO voltage · Mark Greer <mgreer@animalcreek.com> · 2016-12-21
Re: [PATCH 2/3] NFC: trf7970a: Add device tree option of 1.8 Volt IO voltage · Geoff Lansberry <hidden> · 2016-12-21
Re: [PATCH 2/3] NFC: trf7970a: Add device tree option of 1.8 Volt IO voltage · Mark Greer <mgreer@animalcreek.com> · 2016-12-21
[PATCH 3/3] nfc: trf7970a: Prevent repeated polling from crashing the kernel · Geoff Lansberry <hidden> · 2016-12-20
Re: [PATCH 3/3] nfc: trf7970a: Prevent repeated polling from crashing the kernel · Mark Greer <mgreer@animalcreek.com> · 2016-12-20
Re: nfc: trf7970a: Prevent repeated polling from crashing the kernel · Justin Bronder <hidden> · 2016-12-20
Re: nfc: trf7970a: Prevent repeated polling from crashing the kernel · Mark Greer <mgreer@animalcreek.com> · 2016-12-20
Re: [PATCH 1/3] NFC: trf7970a: add device tree option for 27MHz clock · Jones Desougi <hidden> · 2016-12-20
Re: [PATCH 1/3] NFC: trf7970a: add device tree option for 27MHz clock · Mark Greer <mgreer@animalcreek.com> · 2016-12-20
Re: [PATCH 1/3] NFC: trf7970a: add device tree option for 27MHz clock · Geoff Lansberry <hidden> · 2016-12-20
Re: [PATCH 1/3] NFC: trf7970a: add device tree option for 27MHz clock · Mark Greer <mgreer@animalcreek.com> · 2016-12-20

STALE3450d

From: Geoff Lansberry <hidden>
Date: 2016-12-20 16:17:38
Also in: linux-devicetree, lkml, netdev
Subsystem: nfc subsystem, the rest, ti trf7970a nfc driver · Maintainers: David Heidelberg, Linus Torvalds, Mark Greer

From: Jaret Cantu <redacted>

Repeated polling attempts cause a NULL dereference error to occur.
This is because the state of the trf7970a is currently reading but
another request has been made to send a command before it has finished.

The solution is to properly kill the waiting reading (workqueue)
before failing on the send.
---
 drivers/nfc/trf7970a.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/nfc/trf7970a.c b/drivers/nfc/trf7970a.c
index 8a88195..5916737 100644
--- a/drivers/nfc/trf7970a.c
+++ b/drivers/nfc/trf7970a.c

@@ -1496,6 +1496,10 @@ static int trf7970a_send_cmd(struct nfc_digital_dev *ddev,
 			(trf->state != TRF7970A_ST_IDLE_RX_BLOCKED)) {
 		dev_err(trf->dev, "%s - Bogus state: %d\n", __func__,
 				trf->state);
+		if (trf->state == TRF7970A_ST_WAIT_FOR_RX_DATA ||
+		    trf->state == TRF7970A_ST_WAIT_FOR_RX_DATA_CONT)
+			trf->ignore_timeout =
+				!cancel_delayed_work(&trf->timeout_work);
 		ret = -EIO;
 		goto out_err;
 	}

-- 
Signed-off-by: Geoff Lansberry <geoff@kuvee.com>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help