From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Geert Uytterhoeven <geert+renesas@linux-m68k.org>,
Mark Brown <broonie@linaro.org>
Subject: [PATCH 3.4 06/25] spi: Fix crash with double message finalisation on error handling
Date: Thu, 20 Feb 2014 15:51:22 -0800 [thread overview]
Message-ID: <20140220234842.662336976@linuxfoundation.org> (raw)
In-Reply-To: <20140220234842.483343851@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
commit 1f802f8249a0da536877842c43c7204064c4de8b upstream.
This reverts commit e120cc0dcf2880a4c5c0a6cb27b655600a1cfa1d.
It causes a NULL pointer dereference with drivers using the generic
spi_transfer_one_message(), which always calls
spi_finalize_current_message(), which zeroes master->cur_msg.
Drivers implementing transfer_one_message() theirselves must always call
spi_finalize_current_message(), even if the transfer failed:
* @transfer_one_message: the subsystem calls the driver to transfer a single
* message while queuing transfers that arrive in the meantime. When the
* driver is finished with this message, it must call
* spi_finalize_current_message() so the subsystem can issue the next
* transfer
Signed-off-by: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -572,9 +572,7 @@ static void spi_pump_messages(struct kth
ret = master->transfer_one_message(master, master->cur_msg);
if (ret) {
dev_err(&master->dev,
- "failed to transfer one message from queue: %d\n", ret);
- master->cur_msg->status = ret;
- spi_finalize_current_message(master);
+ "failed to transfer one message from queue\n");
return;
}
}
next prev parent reply other threads:[~2014-02-21 1:05 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-20 23:51 [PATCH 3.4 00/25] 3.4.82-stable review Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 01/25] xen-blkfront: handle backend CLOSED without CLOSING Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 02/25] fs/file.c:fdtable: avoid triggering OOMs from alloc_fdmem Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 03/25] mac80211: fix fragmentation code, particularly for encryption Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 04/25] s390/dump: Fix dump memory detection Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 05/25] s390: fix kernel crash due to linkage stack instructions Greg Kroah-Hartman
2014-02-20 23:51 ` Greg Kroah-Hartman [this message]
2014-02-20 23:51 ` [PATCH 3.4 07/25] raw: test against runtime value of max_raw_minors Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 08/25] lockd: send correct lock when granting a delayed lock Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 09/25] tty: n_gsm: Fix for modems with brk in modem status control Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 10/25] staging:iio:ad799x fix error_free_irq which was freeing an irq that may not have been requested Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 12/25] USB: ftdi_sio: add Tagsys RFID Reader IDs Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 13/25] usb-storage: add unusual-devs entry for BlackBerry 9000 Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 14/25] usb-storage: restrict bcdDevice range for Super Top in Cypress ATACB Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 15/25] usb-storage: enable multi-LUN scanning when needed Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 16/25] usb: option: blacklist ZTE MF667 net interface Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 17/25] Modpost: fixed USB alias generation for ranges including 0x9 and 0xA Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 18/25] block: add cond_resched() to potentially long running ioctl discard loop Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 19/25] IB/qib: Add missing serdes init sequence Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 20/25] KVM: return an error code in kvm_vm_ioctl_register_coalesced_mmio() Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 21/25] md/raid5: Fix CPU hotplug callback registration Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 22/25] time: Fix overflow when HZ is smaller than 60 Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 23/25] power: max17040: Fix NULL pointer dereference when there is no platform_data Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 24/25] ring-buffer: Fix first commit on sub-buffer having non-zero delta Greg Kroah-Hartman
2014-02-20 23:51 ` [PATCH 3.4 25/25] genirq: Add missing irq_to_desc export for CONFIG_SPARSE_IRQ=n Greg Kroah-Hartman
2014-02-21 5:05 ` [PATCH 3.4 00/25] 3.4.82-stable review Guenter Roeck
2014-02-21 23:40 ` Shuah Khan
2014-02-22 20:45 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140220234842.662336976@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=broonie@linaro.org \
--cc=geert+renesas@linux-m68k.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.