Hi Geert,
On Mon, Feb 17, 2014 at 07:02:09PM +0100, Geert Uytterhoeven wrote:
> On Mon, Feb 17, 2014 at 6:20 PM, Maxime Ripard
> <maxime.ripard@xxxxxxxxxxxxxxxxxx> wrote:
> > When the generic implementation of the transfer_one_message callback was called
> > by the spi_pump_messages function, if that transfer was to fail, the
> > spi_finalize_current_message was called twice, once in
> > spi_transfer_one_message, and one in spi_pump_messages.
> >
> > This was causing a null pointer dereference in the second call, because the
> > first one set the ->cur_msg field to NULL.
> >
> > Since the SPI framework expect the transfer_one_message callback to call
> > spi_finalize_current_message, we can remove it from spi_pump_messages, together
> > with any dereference of the ->cur_msg pointer.
> >
> > Signed-off-by: Maxime Ripard <maxime.ripard@xxxxxxxxxxxxxxxxxx>
> > Cc: stable@xxxxxxxxxxxxxxx
>
> Already fixed in v3.14-rc3 in 1f802f8249a0da536877842c43c7204064c4de8b
> ("spi: Fix crash with double message finalisation on error handling").
>
> There's no need to inform stable, as the problem was introduced in v3.14-rc1.
Oops, totally missed that. Thanks!
Maxime
--
Maxime Ripard, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
Attachment:
signature.asc
Description: Digital signature
