On Thu, Dec 04, 2014 at 10:01:06PM +0100, Robert Jarzmik wrote:
> Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx> writes:
>
> > Once the current message is finished, the driver notifies SPI core about
> > this by calling spi_finalize_current_message(). This function queues next
> > message to be transferred. If there are more messages in the queue, it is
> > possible that the driver is asked to transfer the next message at this
> > point.
> >
> > When spi_finalize_current_message() returns the driver clears the
> > drv_data->cur_chip pointer to NULL. The problem is that if the driver
> > already started the next message clearing drv_data->cur_chip will cause
> > NULL pointer dereference which crashes the kernel like:
> ..zip..
> > Fix this by clearing drv_data->cur_chip before we call
> > spi_finalize_current_message().
>
> So with your change, we have :
>   drv_data->cur_chip = NULL;
>   spi_finalize_current_message(drv_data->master);
>
> In that case, if spi_finalize_current_message() queues another message, upon
> this next message completion, won't giveback() be called, and dereference
> cur_chip as well ?

When the next message is started pxa2xx_spi_transfer_one_message() gets
called and that will set cur_chip again.
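The ordering discussed in this thread, as an added example that is not part of the original messages and is not the pxa2xx driver's code: a simplified userspace model in which the finalize call may start the next message before it returns. The struct layout, the `clear_first` switch and the function names are hypothetical stand-ins chosen to mirror the names used above.

```c
#include <stddef.h>

/* Simplified model; all names are hypothetical stand-ins for the driver's. */
struct chip { int id; };
struct drv {
    struct chip *cur_chip;
    struct chip chip;
    int pending;      /* messages still queued in the modelled SPI core */
    int clear_first;  /* 1 = ordering from the fix, 0 = original ordering */
};

/* Models pxa2xx_spi_transfer_one_message(): sets cur_chip for the new message. */
static void transfer_one_message(struct drv *d)
{
    d->cur_chip = &d->chip;
}

/* Models spi_finalize_current_message(): if another message is queued,
 * the driver may be asked to start it before this call returns. */
static void finalize_current_message(struct drv *d)
{
    if (d->pending > 0) {
        d->pending--;
        transfer_one_message(d);
    }
}

/* Models the completion path, with both orderings side by side. */
static void giveback(struct drv *d)
{
    if (d->clear_first) {
        d->cur_chip = NULL;           /* clear, then hand back to the core */
        finalize_current_message(d);
    } else {
        finalize_current_message(d);
        d->cur_chip = NULL;           /* wipes the pointer the next message just set */
    }
}

/* Returns 1 if the already-started next message still has a valid cur_chip. */
int next_message_has_chip(int clear_first)
{
    struct drv d = { NULL, { 1 }, 1, clear_first };
    transfer_one_message(&d);         /* first message in flight */
    giveback(&d);                     /* first completes; second starts inside */
    return d.cur_chip != NULL;
}

int main(void)
{
    return !(next_message_has_chip(1) && !next_message_has_chip(0));
}
```

With the original ordering the second message runs with `cur_chip == NULL`, which is the dereference the patch description reports; with the cleared-first ordering the pointer set by the transfer function survives until that message's own completion.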