Re: spi: stm32-qspi: Update spi registering

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Lukas

On 1/8/22 8:48 PM, Lukas Wunner wrote:
> On Thu, Jan 06, 2022 at 02:20:52PM +0100, patrice.chotard@xxxxxxxxxxx wrote:
>> --- a/drivers/spi/spi-stm32-qspi.c
>> +++ b/drivers/spi/spi-stm32-qspi.c
>> @@ -784,7 +784,7 @@ static int stm32_qspi_probe(struct platform_device *pdev)
>>  	pm_runtime_enable(dev);
>>  	pm_runtime_get_noresume(dev);
>>  
>> -	ret = devm_spi_register_master(dev, ctrl);
>> +	ret = spi_register_master(ctrl);
>>  	if (ret)
>>  		goto err_pm_runtime_free;
>>  
>> @@ -817,6 +817,7 @@ static int stm32_qspi_remove(struct platform_device *pdev)
>>  	struct stm32_qspi *qspi = platform_get_drvdata(pdev);
>>  
>>  	pm_runtime_get_sync(qspi->dev);
>> +	spi_unregister_master(qspi->ctrl);
>>  	/* disable qspi */
>>  	writel_relaxed(0, qspi->io_base + QSPI_CR);
>>  	stm32_qspi_dma_free(qspi);
> 
> NAK, this introduces a use-after-free because the "qspi" allocation
> is freed by spi_unregister_master(), yet is subsequently accessed.
> 
> You need to convert the driver to devm_spi_alloc_master() to avoid that.
> Do it in the same patch to ease backporting.

Ok i see, spi_unregister_controller() is releasing the controller if it wasn't
 previously devm allocated. I will make usage of devm_spi_alloc_master as you suggested.

> 
> Please add a stable designation and a Fixes: tag.  Chances are the patch
> needs to be backported all the way back to the release when the driver
> was first introduced.
> 
> Thanks,
> 
> Lukas
> 
Thanks
Patrice
[Index of Archives]     [Linux Kernel]     [Linux ARM (vger)]     [Linux ARM MSM]     [Linux Omap]     [Linux Arm]     [Linux Tegra]     [Fedora ARM]     [Linux for Samsung SOC]     [eCos]     [Linux Fastboot]     [Gcc Help]     [Git]     [DCCP]     [IETF Announce]     [Security]     [Linux MIPS]     [Yosemite Campsites]

  Powered by Linux