This is a note to let you know that I've just added the patch titled spi: Fix crash with double message finalisation on error handling to the 3.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: spi-fix-crash-with-double-message-finalisation-on-error-handling.patch and it can be found in the queue-3.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 1f802f8249a0da536877842c43c7204064c4de8b Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas@xxxxxxxxxxxxxx> Date: Tue, 28 Jan 2014 10:33:03 +0100 Subject: spi: Fix crash with double message finalisation on error handling From: Geert Uytterhoeven <geert+renesas@xxxxxxxxxxxxxx> commit 1f802f8249a0da536877842c43c7204064c4de8b upstream. This reverts commit e120cc0dcf2880a4c5c0a6cb27b655600a1cfa1d. It causes a NULL pointer dereference with drivers using the generic spi_transfer_one_message(), which always calls spi_finalize_current_message(), which zeroes master->cur_msg. Drivers implementing transfer_one_message() theirselves must always call spi_finalize_current_message(), even if the transfer failed: * @transfer_one_message: the subsystem calls the driver to transfer a single * message while queuing transfers that arrive in the meantime. When the * driver is finished with this message, it must call * spi_finalize_current_message() so the subsystem can issue the next * transfer Signed-off-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxxxxxxx> Signed-off-by: Mark Brown <broonie@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/spi/spi.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -584,9 +584,7 @@ static void spi_pump_messages(struct kth ret = master->transfer_one_message(master, master->cur_msg); if (ret) { dev_err(&master->dev, - "failed to transfer one message from queue: %d\n", ret); - master->cur_msg->status = ret; - spi_finalize_current_message(master); + "failed to transfer one message from queue\n"); return; } } Patches currently in stable-queue which might be from geert+renesas@xxxxxxxxxxxxxx are queue-3.10/spi-fix-crash-with-double-message-finalisation-on-error-handling.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html