From: Geert Uytterhoeven Date: Tue, 28 Jan 2014 09:33:03 +0000 (+0100) Subject: spi: Fix crash with double message finalisation on error handling X-Git-Tag: firefly_0821_release~3679^2~2809 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=69823005940b266fe1ceddbc4c8f1393dbd12cb0;p=firefly-linux-kernel-4.4.55.git spi: Fix crash with double message finalisation on error handling commit 1f802f8249a0da536877842c43c7204064c4de8b upstream. This reverts commit e120cc0dcf2880a4c5c0a6cb27b655600a1cfa1d. It causes a NULL pointer dereference with drivers using the generic spi_transfer_one_message(), which always calls spi_finalize_current_message(), which zeroes master->cur_msg. Drivers implementing transfer_one_message() theirselves must always call spi_finalize_current_message(), even if the transfer failed: * @transfer_one_message: the subsystem calls the driver to transfer a single * message while queuing transfers that arrive in the meantime. When the * driver is finished with this message, it must call * spi_finalize_current_message() so the subsystem can issue the next * transfer Signed-off-by: Geert Uytterhoeven Signed-off-by: Mark Brown Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index ca99ac9295cf..32b7bb111eb6 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -584,9 +584,7 @@ static void spi_pump_messages(struct kthread_work *work) ret = master->transfer_one_message(master, master->cur_msg); if (ret) { dev_err(&master->dev, - "failed to transfer one message from queue: %d\n", ret); - master->cur_msg->status = ret; - spi_finalize_current_message(master); + "failed to transfer one message from queue\n"); return; } }