Date: Thu, 20 Feb 2014 13:41:47 -0800
From: Greg Kroah-Hartman
To: Geert Uytterhoeven
Cc: "linux-kernel@vger.kernel.org", stable, Daniel Santos, Mark Brown
Subject: Re: [PATCH 3.12 037/107] spidev: fix hang when transfer_one_message fails
Message-ID: <20140220214147.GA25193@kroah.com>
References: <20140211184748.191276235@linuxfoundation.org> <20140211184749.254574462@linuxfoundation.org>

On Thu, Feb 20, 2014 at 01:42:08PM +0100, Geert Uytterhoeven wrote:
> On Tue, Feb 11, 2014 at 8:05 PM, Greg Kroah-Hartman wrote:
> > 3.12-stable review patch.  If anyone has any objections, please let me know.
>
> Sorry for not noticing this was queued up for stable before, but this
> patch was reverted in mainline:
>
> commit 1f802f8249a0da536877842c43c7204064c4de8b
> Author: Geert Uytterhoeven
> Date:   Tue Jan 28 10:33:03 2014 +0100
>
>     spi: Fix crash with double message finalisation on error handling
>
>     This reverts commit e120cc0dcf2880a4c5c0a6cb27b655600a1cfa1d.
>
>     It causes a NULL pointer dereference with drivers using the generic
>     spi_transfer_one_message(), which always calls
>     spi_finalize_current_message(), which zeroes master->cur_msg.
>
>     Drivers implementing transfer_one_message() themselves must always call
>     spi_finalize_current_message(), even if the transfer failed:
>
>      * @transfer_one_message: the subsystem calls the driver to transfer a singl
>      *      message while queuing transfers that arrive in the meantime. When th
>      *      driver is finished with this message, it must call
>      *      spi_finalize_current_message() so the subsystem can issue the next
>      *      transfer
>
>     Signed-off-by: Geert Uytterhoeven
>     Signed-off-by: Mark Brown

Thanks for catching this, I've queued it up now.

greg k-h
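
The finalisation contract described in the quoted commit message, as an added user-space model. It is not code from this thread or from the kernel; every model_* name is hypothetical, and the failing transfer is constructed. It shows why a core that finalizes again on error rescues a driver that forgot to finalize but hits a NULL cur_msg with a driver that followed the contract.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed user-space model of the queue contract; not kernel code. */
struct model_msg { int status; };
struct model_master {
    struct model_msg *cur_msg;  /* message currently handed to the driver */
    int null_finalize;          /* finalize calls made with no current message */
};
typedef int (*model_xfer_fn)(struct model_master *, struct model_msg *);

/* Stands in for spi_finalize_current_message(): clears cur_msg when done. */
void model_finalize(struct model_master *m)
{
    if (!m->cur_msg) {          /* a second finalize lands here: cur_msg is NULL */
        m->null_finalize++;
        return;
    }
    m->cur_msg = NULL;
}

/* Honours the contract: finalizes exactly once although the transfer failed. */
int model_good_xfer(struct model_master *m, struct model_msg *msg)
{
    msg->status = -EIO;         /* constructed failure */
    model_finalize(m);
    return msg->status;
}

/* Breaks the contract: reports the error without finalizing. */
int model_bad_xfer(struct model_master *m, struct model_msg *msg)
{
    (void)m;
    return msg->status = -EIO;
}

/* Pump one failing message; core_finalizes models a core that finalizes again
 * on error. Returns 0 = clean, 1 = queue stalled, 2 = finalize on NULL cur_msg. */
int model_pump(model_xfer_fn xfer, int core_finalizes)
{
    struct model_msg msg = { 0 };
    struct model_master m = { &msg, 0 };
    if (xfer(&m, &msg) && core_finalizes)
        model_finalize(&m);
    if (m.null_finalize)
        return 2;
    return m.cur_msg ? 1 : 0;
}
```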