[PATCH 5.9 062/255] spi: fsl-dspi: fix wrong pointer in suspend/resume

From: Greg Kroah-Hartman
Date: Tue Nov 17 2020 - 08:34:27 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.9 063/255] PCI: mvebu: Fix duplicate resource requests"
Previous message: Greg Kroah-Hartman: "[PATCH 5.9 084/255] selftests/ftrace: check for do_sys_openat2 in user-memory test"
In reply to: Greg Kroah-Hartman: "[PATCH 5.9 084/255] selftests/ftrace: check for do_sys_openat2 in user-memory test"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.9 063/255] PCI: mvebu: Fix duplicate resource requests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Zhao Qiang <qiang.zhao@xxxxxxx>

[ Upstream commit 9bd77a9ce31dd242fece27219d14fbee5068dd85 ]

Since commit 530b5affc675 ("spi: fsl-dspi: fix use-after-free in
remove path"), this driver causes a "NULL pointer dereference"
in dspi_suspend/resume.
This is because since this commit, the drivers private data point to
"dspi" instead of "ctlr", the codes in suspend and resume func were
not modified correspondly.

Fixes: 530b5affc675 ("spi: fsl-dspi: fix use-after-free in remove path")
Signed-off-by: Zhao Qiang <qiang.zhao@xxxxxxx>
Reviewed-by: Vladimir Oltean <olteanv@xxxxxxxxx>
Link: https://lore.kernel.org/r/20201103020546.1822-1-qiang.zhao@xxxxxxx
Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/spi/spi-fsl-dspi.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c
index 108a7d50d2c37..a96762ffb70b6 100644
--- a/drivers/spi/spi-fsl-dspi.c
+++ b/drivers/spi/spi-fsl-dspi.c
@@ -1106,12 +1106,11 @@ MODULE_DEVICE_TABLE(of, fsl_dspi_dt_ids);
#ifdef CONFIG_PM_SLEEP
static int dspi_suspend(struct device *dev)
{
- struct spi_controller *ctlr = dev_get_drvdata(dev);
- struct fsl_dspi *dspi = spi_controller_get_devdata(ctlr);
+ struct fsl_dspi *dspi = dev_get_drvdata(dev);

if (dspi->irq)
disable_irq(dspi->irq);
- spi_controller_suspend(ctlr);
+ spi_controller_suspend(dspi->ctlr);
clk_disable_unprepare(dspi->clk);

pinctrl_pm_select_sleep_state(dev);
@@ -1121,8 +1120,7 @@ static int dspi_suspend(struct device *dev)

static int dspi_resume(struct device *dev)
{
- struct spi_controller *ctlr = dev_get_drvdata(dev);
- struct fsl_dspi *dspi = spi_controller_get_devdata(ctlr);
+ struct fsl_dspi *dspi = dev_get_drvdata(dev);
int ret;

pinctrl_pm_select_default_state(dev);
@@ -1130,7 +1128,7 @@ static int dspi_resume(struct device *dev)
ret = clk_prepare_enable(dspi->clk);
if (ret)
return ret;
- spi_controller_resume(ctlr);
+ spi_controller_resume(dspi->ctlr);
if (dspi->irq)
enable_irq(dspi->irq);

--
2.27.0

Next message: Greg Kroah-Hartman: "[PATCH 5.9 063/255] PCI: mvebu: Fix duplicate resource requests"
Previous message: Greg Kroah-Hartman: "[PATCH 5.9 084/255] selftests/ftrace: check for do_sys_openat2 in user-memory test"
In reply to: Greg Kroah-Hartman: "[PATCH 5.9 084/255] selftests/ftrace: check for do_sys_openat2 in user-memory test"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.9 063/255] PCI: mvebu: Fix duplicate resource requests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]