From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:42635 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754216AbbJRCax (ORCPT ); Sat, 17 Oct 2015 22:30:53 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sudip Mukherjee , Jarkko Nikula , Mark Brown Subject: [PATCH 4.1 056/202] spi: spidev: fix possible NULL dereference Date: Sat, 17 Oct 2015 18:57:19 -0700 Message-Id: <20151018014904.513160201@linuxfoundation.org> In-Reply-To: <20151018014901.946875729@linuxfoundation.org> References: <20151018014901.946875729@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Sender: stable-owner@vger.kernel.org List-ID: 4.1-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sudip Mukherjee commit dd85ebf681ef0ee1fc985c353dd45e8b53b5dc1e upstream. During the last close we are freeing spidev if spidev->spi is NULL, but just before checking if spidev->spi is NULL we are dereferencing it. Lets add a check there to avoid the NULL dereference. Fixes: 9169051617df ("spi: spidev: Don't mangle max_speed_hz in underlying spi device") Signed-off-by: Sudip Mukherjee Reviewed-by: Jarkko Nikula Tested-by: Jarkko Nikula Signed-off-by: Mark Brown Signed-off-by: Greg Kroah-Hartman --- drivers/spi/spidev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/spi/spidev.c +++ b/drivers/spi/spidev.c @@ -664,7 +664,8 @@ static int spidev_release(struct inode * kfree(spidev->rx_buffer); spidev->rx_buffer = NULL; - spidev->speed_hz = spidev->spi->max_speed_hz; + if (spidev->spi) + spidev->speed_hz = spidev->spi->max_speed_hz; /* ... after we unbound from the underlying device? */ spin_lock_irq(&spidev->spi_lock);