[PATCH 3.11 121/272] mmc: atmel-mci: fix oops in atmci_tasklet_func

[Luis Henriques]

3.11.10.1 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rodolfo Giometti <giometti at enneenne.com>

commit fbd986cd420d1deeabf1039ec4e74075a5639db5 upstream.

In some cases, a NULL pointer dereference happens because data is NULL when
STATE_END_REQUEST case is reached in atmci_tasklet_func.

Signed-off-by: Rodolfo Giometti <giometti at enneenne.com>
Acked-by: Ludovic Desroches <ludovic.desroches at atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre at atmel.com>
Signed-off-by: Chris Ball <cjb at laptop.org>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 drivers/mmc/host/atmel-mci.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/mmc/host/atmel-mci.c b/drivers/mmc/host/atmel-mci.c
index e9ea2fc..78d7e47 100644
--- a/drivers/mmc/host/atmel-mci.c
+++ b/drivers/mmc/host/atmel-mci.c
@@ -1792,12 +1792,14 @@ static void atmci_tasklet_func(unsigned long priv)
 			if (unlikely(status)) {
 				host->stop_transfer(host);
 				host->data = NULL;
-				if (status & ATMCI_DTOE) {
-					data->error = -ETIMEDOUT;
-				} else if (status & ATMCI_DCRCE) {
-					data->error = -EILSEQ;
-				} else {
-					data->error = -EIO;
+				if (data) {
+					if (status & ATMCI_DTOE) {
+						data->error = -ETIMEDOUT;
+					} else if (status & ATMCI_DCRCE) {
+						data->error = -EILSEQ;
+					} else {
+						data->error = -EIO;
+					}
 				}
 			}
 
-- 
1.8.3.2