linux/drivers/spi
Mika Westerberg 03c5a83d8c spi/pxa2xx: Clear cur_chip pointer before starting next message
commit c957e8f084 upstream.

Once the current message is finished, the driver notifies the SPI core about
this by calling spi_finalize_current_message(). This function queues the next
message to be transferred. If there are more messages in the queue, it is
possible that the driver is asked to transfer the next message at this
point.

When spi_finalize_current_message() returns, the driver clears the
drv_data->cur_chip pointer to NULL. The problem is that if the driver
already started the next message, clearing drv_data->cur_chip will cause a
NULL pointer dereference which crashes the kernel like:

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
 IP: [<ffffffffa0022bc8>] cs_deassert+0x18/0x70 [spi_pxa2xx_platform]
 PGD 78bb8067 PUD 37712067 PMD 0
 Oops: 0000 [#1] SMP
 Modules linked in:
 CPU: 1 PID: 11 Comm: ksoftirqd/1 Tainted: G           O   3.18.0-rc4-mjo #5
 Hardware name: Intel Corp. VALLEYVIEW B3 PLATFORM/NOTEBOOK, BIOS MNW2CRB1.X64.0071.R30.1408131301 08/13/2014
 task: ffff880077f9f290 ti: ffff88007a820000 task.ti: ffff88007a820000
 RIP: 0010:[<ffffffffa0022bc8>]  [<ffffffffa0022bc8>] cs_deassert+0x18/0x70 [spi_pxa2xx_platform]
 RSP: 0018:ffff88007a823d08  EFLAGS: 00010202
 RAX: 0000000000000008 RBX: ffff8800379a4430 RCX: 0000000000000026
 RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff8800379a4430
 RBP: ffff88007a823d18 R08: 00000000ffffffff R09: 000000007a9bc65a
 R10: 000000000000028f R11: 0000000000000005 R12: ffff880070123e98
 R13: ffff880070123de8 R14: 0000000000000100 R15: ffffc90004888000
 FS:  0000000000000000(0000) GS:ffff880079a80000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 0000000000000048 CR3: 000000007029b000 CR4: 00000000001007e0
 Stack:
  ffff88007a823d58 ffff8800379a4430 ffff88007a823d48 ffffffffa0022c89
  0000000000000000 ffff8800379a4430 0000000000000000 0000000000000006
  ffff88007a823da8 ffffffffa0023be0 ffff88007a823dd8 ffffffff81076204
 Call Trace:
  [<ffffffffa0022c89>] giveback+0x69/0xa0 [spi_pxa2xx_platform]
  [<ffffffffa0023be0>] pump_transfers+0x710/0x740 [spi_pxa2xx_platform]
  [<ffffffff81076204>] ? pick_next_task_fair+0x744/0x830
  [<ffffffff81049679>] tasklet_action+0xa9/0xe0
  [<ffffffff81049a0e>] __do_softirq+0xee/0x280
  [<ffffffff81049bc0>] run_ksoftirqd+0x20/0x40
  [<ffffffff810646df>] smpboot_thread_fn+0xff/0x1b0
  [<ffffffff810645e0>] ? SyS_setgroups+0x150/0x150
  [<ffffffff81060f9d>] kthread+0xcd/0xf0
  [<ffffffff81060ed0>] ? kthread_create_on_node+0x180/0x180
  [<ffffffff8187a82c>] ret_from_fork+0x7c/0xb0

Fix this by clearing drv_data->cur_chip before we call spi_finalize_current_message().

Reported-by: Martin Oldfield <m@mjoldfield.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-02-05 22:35:50 -08:00
Kconfig spi: rspi: Document support for Renesas QSPI in Kconfig 2014-02-04 19:22:30 +00:00
Makefile
spi-altera.c
spi-ath79.c spi: spi-ath79: fix initial GPIO CS line setup 2014-03-03 12:38:52 +08:00
spi-atmel.c spi: atmel: add missing spi_master_{resume,suspend} calls to PM callbacks 2014-03-05 11:59:53 +08:00
spi-au1550.c
spi-bcm63xx-hsspi.c
spi-bcm63xx.c Merge remote-tracking branches 'spi/topic/bcm2835', 'spi/topic/bcm63xx', 'spi/topic/bcm63xx-hsspi', 'spi/topic/bitbang', 'spi/topic/bpw', 'spi/topic/clps711x', 'spi/topic/coldfire', 'spi/topic/davinci', 'spi/topic/dw' and 'spi/topic/falcon' into spi-linus 2014-01-23 13:07:05 +00:00
spi-bcm2835.c
spi-bfin5xx.c
spi-bfin-sport.c
spi-bfin-v3.c
spi-bitbang-txrx.h spi: bitbang: Grammar s/make to make/to make/ 2014-01-13 11:24:21 +00:00
spi-bitbang.c
spi-butterfly.c
spi-clps711x.c spi: clps711x: Add MODULE_ALIAS to support module auto-loading 2014-01-14 14:21:43 +00:00
spi-coldfire-qspi.c spi: coldfire-qspi: Fix getting correct address for *mcfqspi 2014-03-05 11:53:08 +08:00
spi-davinci.c Merge remote-tracking branches 'spi/topic/bcm2835', 'spi/topic/bcm63xx', 'spi/topic/bcm63xx-hsspi', 'spi/topic/bitbang', 'spi/topic/bpw', 'spi/topic/clps711x', 'spi/topic/coldfire', 'spi/topic/davinci', 'spi/topic/dw' and 'spi/topic/falcon' into spi-linus 2014-01-23 13:07:05 +00:00
spi-dw-mid.c spi: dw-mid: fix FIFO size 2015-02-05 22:35:48 -08:00
spi-dw-mmio.c
spi-dw-pci.c spi: dw-pci: fix bug when regs left uninitialized 2014-10-05 14:52:16 -07:00
spi-dw.c spi: dw: Fix dynamic speed change. 2014-12-06 15:55:38 -08:00
spi-dw.h
spi-efm32.c spi: efm32: use $vendor,$device scheme for compatible string 2014-05-06 07:59:24 -07:00
spi-ep93xx.c
spi-falcon.c
spi-fsl-cpm.c
spi-fsl-cpm.h
spi-fsl-dspi.c spi: fsl-dspi: Fix CTAR selection 2014-11-14 09:00:05 -08:00
spi-fsl-espi.c
spi-fsl-lib.c
spi-fsl-lib.h
spi-fsl-spi.c spi: fsl: Fix problem with multi message transfers 2015-01-16 06:59:34 -08:00
spi-fsl-spi.h
spi-gpio.c
spi-imx.c spi: spi-imx: spi_imx_remove: do not disable disabled clocks 2014-02-28 15:14:54 +09:00
spi-lm70llp.c
spi-mpc52xx-psc.c
spi-mpc52xx.c
spi-mpc512x-psc.c Merge remote-tracking branch 'agust/next' into next 2014-01-29 16:53:55 +11:00
spi-mxs.c spi: Remove duplicate code to set default bits_per_word setting 2014-01-17 15:54:22 +00:00
spi-nuc900.c spi: nuc900: Set SPI_LSB_FIRST for master->mode_bits if hw->pdata->lsb is true 2014-02-04 20:32:58 +00:00
spi-oc-tiny.c
spi-octeon.c
spi-omap2-mcspi.c spi/omap-mcspi: Fix the spi task hangs waiting dma_rx 2014-10-05 14:52:15 -07:00
spi-omap-100k.c
spi-omap-uwire.c
spi-orion.c spi: orion: fix incorrect handling of cell-index DT property 2014-09-17 09:19:07 -07:00
spi-pl022.c spi: pl022: Fix incorrect dma_unmap_sg 2014-11-14 09:00:04 -08:00
spi-ppc4xx.c
spi-pxa2xx-dma.c
spi-pxa2xx-pci.c
spi-pxa2xx-pxadma.c
spi-pxa2xx.c spi/pxa2xx: Clear cur_chip pointer before starting next message 2015-02-05 22:35:50 -08:00
spi-pxa2xx.h
spi-rspi.c Merge commit 'spi/fix/rcar' into spi-linus 2014-01-23 13:13:30 +00:00
spi-s3c24xx-fiq.h
spi-s3c24xx-fiq.S
spi-s3c24xx.c
spi-s3c64xx.c spi/s3c64xx: Correct indentation 2014-01-13 11:30:41 +00:00
spi-sc18is602.c Merge commit 'spi/topic/sc18is602' into spi-linus 2014-01-23 13:14:15 +00:00
spi-sh-hspi.c Merge remote-tracking branches 'spi/topic/fsl-espi', 'spi/topic/gpio', 'spi/topic/hspi', 'spi/topic/mpc512x', 'spi/topic/msiof', 'spi/topic/nuc900', 'spi/topic/oc-tiny', 'spi/topic/omap', 'spi/topic/orion' and 'spi/topic/pci' into spi-linus 2014-01-23 13:07:09 +00:00
spi-sh-msiof.c Merge remote-tracking branches 'spi/topic/fsl-espi', 'spi/topic/gpio', 'spi/topic/hspi', 'spi/topic/mpc512x', 'spi/topic/msiof', 'spi/topic/nuc900', 'spi/topic/oc-tiny', 'spi/topic/omap', 'spi/topic/orion' and 'spi/topic/pci' into spi-linus 2014-01-23 13:07:09 +00:00
spi-sh-sci.c
spi-sh.c Merge remote-tracking branches 'spi/topic/pxa2xx', 'spi/topic/qspi', 'spi/topic/s3c24xx', 'spi/topic/s3c64xx', 'spi/topic/sh', 'spi/topic/tegra114', 'spi/topic/tegra20-sflash', 'spi/topic/tegra20-slink', 'spi/topic/txx9' and 'spi/topic/xcomm' into spi-linus 2014-01-23 13:07:14 +00:00
spi-sirf.c spi: Remove duplicate code to set default bits_per_word setting 2014-01-17 15:54:22 +00:00
spi-tegra20-sflash.c spi: Updates for v3.14 2014-01-25 13:20:36 -08:00
spi-tegra20-slink.c spi: Updates for v3.14 2014-01-25 13:20:36 -08:00
spi-tegra114.c spi: Updates for v3.14 2014-01-25 13:20:36 -08:00
spi-ti-qspi.c Merge remote-tracking branches 'spi/topic/pxa2xx', 'spi/topic/qspi', 'spi/topic/s3c24xx', 'spi/topic/s3c64xx', 'spi/topic/sh', 'spi/topic/tegra114', 'spi/topic/tegra20-sflash', 'spi/topic/tegra20-slink', 'spi/topic/txx9' and 'spi/topic/xcomm' into spi-linus 2014-01-23 13:07:14 +00:00
spi-ti-ssp.c
spi-tle62x0.c
spi-topcliff-pch.c spi-topcliff-pch: Fix probing when DMA mode is used 2014-02-27 13:37:10 +09:00
spi-txx9.c Merge remote-tracking branches 'spi/topic/pxa2xx', 'spi/topic/qspi', 'spi/topic/s3c24xx', 'spi/topic/s3c64xx', 'spi/topic/sh', 'spi/topic/tegra114', 'spi/topic/tegra20-sflash', 'spi/topic/tegra20-slink', 'spi/topic/txx9' and 'spi/topic/xcomm' into spi-linus 2014-01-23 13:07:14 +00:00
spi-xcomm.c
spi-xilinx.c
spi.c spi: core: Ignore unsupported Dual/Quad Transfer Mode bits 2014-06-07 10:28:28 -07:00
spidev.c