Re: [PATCH] spi: core: Fix Oops in spi_pump_messages error path

[Geert Uytterhoeven]

On Mon, Feb 17, 2014 at 6:20 PM, Maxime Ripard
<maxime.ripard@xxxxxxxxxxxxxxxxxx> wrote:
> When the generic implementation of the transfer_one_message callback was called
> by the spi_pump_messages function, if that transfer was to fail, the
> spi_finalize_current_message was called twice, once in
> spi_transfer_one_message, and one in spi_pump_messages.
>
> This was causing a null pointer dereference in the second call, because the
> first one set the ->cur_msg field to NULL.
>
> Since the SPI framework expect the transfer_one_message callback to call
> spi_finalize_current_message, we can remove it from spi_pump_messages, together
> with any dereference of the ->cur_msg pointer.
>
> Signed-off-by: Maxime Ripard <maxime.ripard@xxxxxxxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx

Already fixed in v3.14-rc3 in 1f802f8249a0da536877842c43c7204064c4de8b
("spi: Fix crash with double message finalisation on error handling").

There's no need to inform stable, as the problem was introduced in v3.14-rc1.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/