aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGeert Uytterhoeven <geert+renesas@linux-m68k.org>2014-01-28 10:33:03 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2014-02-22 12:41:26 -0800
commit69823005940b266fe1ceddbc4c8f1393dbd12cb0 (patch)
tree25676ed962e31956fd02cad7eb092fe938092647
parentedb11a9bbf10f5056a36a39067ab04cf34447e1d (diff)
downloadlinux-69823005940b266fe1ceddbc4c8f1393dbd12cb0.tar.gz
spi: Fix crash with double message finalisation on error handling
commit 1f802f8249a0da536877842c43c7204064c4de8b upstream. This reverts commit e120cc0dcf2880a4c5c0a6cb27b655600a1cfa1d. It causes a NULL pointer dereference with drivers using the generic spi_transfer_one_message(), which always calls spi_finalize_current_message(), which zeroes master->cur_msg. Drivers implementing transfer_one_message() theirselves must always call spi_finalize_current_message(), even if the transfer failed: * @transfer_one_message: the subsystem calls the driver to transfer a single * message while queuing transfers that arrive in the meantime. When the * driver is finished with this message, it must call * spi_finalize_current_message() so the subsystem can issue the next * transfer Signed-off-by: Geert Uytterhoeven <geert+renesas@linux-m68k.org> Signed-off-by: Mark Brown <broonie@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/spi/spi.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index ca99ac9295c..32b7bb111eb 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -584,9 +584,7 @@ static void spi_pump_messages(struct kthread_work *work)
ret = master->transfer_one_message(master, master->cur_msg);
if (ret) {
dev_err(&master->dev,
- "failed to transfer one message from queue: %d\n", ret);
- master->cur_msg->status = ret;
- spi_finalize_current_message(master);
+ "failed to transfer one message from queue\n");
return;
}
}