From 9eb7194690ba358db58da3180b11e526496481bc Mon Sep 17 00:00:00 2001 From: Ian Abbott Date: Fri, 23 Mar 2018 13:54:33 +0000 Subject: staging: comedi: cb_pcidas64: Fix external_ai_queue_in_use() `external_ai_queue_in_use()` is supposed to return 1 if the external channel sequencer is in use by an AI command, else return 0. If the "read" subdevice (which is the AI subdevice) is not busy then no AI command is running so the external channel sequencer is not in use, so the function should return 0. Unfortunately, the function's "read" subdevice busy test is inverted, so the function always returns 0 when the "read" subdevice is busy. Worse, if the "read" subdevice is not busy the subsequent call to `use_internal_queue_6xxx()` results in a null pointer dereference if a previous AI command used a channel list with a length greater than 1. Signed-off-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman --- drivers/staging/comedi/drivers/cb_pcidas64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/staging/comedi') diff --git a/drivers/staging/comedi/drivers/cb_pcidas64.c b/drivers/staging/comedi/drivers/cb_pcidas64.c index aa481c00e8e7..942ba5cd8270 100644 --- a/drivers/staging/comedi/drivers/cb_pcidas64.c +++ b/drivers/staging/comedi/drivers/cb_pcidas64.c @@ -3251,7 +3251,7 @@ static inline int external_ai_queue_in_use(struct comedi_device *dev) { const struct pcidas64_board *board = dev->board_ptr; - if (dev->read_subdev->busy) + if (!dev->read_subdev->busy) return 0; if (board->layout == LAYOUT_4020) return 0; -- cgit v1.2.1