Re: [PATCH 3.12 037/107] spidev: fix hang when transfer_one_message fails

[Greg Kroah-Hartman]

On Thu, Feb 20, 2014 at 01:42:08PM +0100, Geert Uytterhoeven wrote:
> On Tue, Feb 11, 2014 at 8:05 PM, Greg Kroah-Hartman
> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > 3.12-stable review patch.  If anyone has any objections, please let me know.
> 
> Sorry for not noticing this was queued up for stable before, but this
> patch was reverted in mainline:
> 
> commit 1f802f8249a0da536877842c43c7204064c4de8b
> Author: Geert Uytterhoeven <geert+renesas@xxxxxxxxxxxxxx>
> Date:   Tue Jan 28 10:33:03 2014 +0100
> 
>     spi: Fix crash with double message finalisation on error handling
> 
>     This reverts commit e120cc0dcf2880a4c5c0a6cb27b655600a1cfa1d.
> 
>     It causes a NULL pointer dereference with drivers using the generic
>     spi_transfer_one_message(), which always calls
>     spi_finalize_current_message(), which zeroes master->cur_msg.
> 
>     Drivers implementing transfer_one_message() theirselves must always call
>     spi_finalize_current_message(), even if the transfer failed:
> 
>      * @transfer_one_message: the subsystem calls the driver to transfer a singl
>      *      message while queuing transfers that arrive in the meantime. When th
>      *      driver is finished with this message, it must call
>      *      spi_finalize_current_message() so the subsystem can issue the next
>      *      transfer
> 
>     Signed-off-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxxxxxxx>
>     Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>

Thanks for catching this, I've queued it up now.

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/