linux/drivers/spi
YueHaibing 5caaf29af5
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
If spi_register_master fails in spi_bitbang_start
because device_add failure, We should return the
error code other than 0, otherwise calling
spi_bitbang_stop may trigger NULL pointer dereference
like this:

BUG: KASAN: null-ptr-deref in __list_del_entry_valid+0x45/0xd0
Read of size 8 at addr 0000000000000000 by task syz-executor.0/3661

CPU: 0 PID: 3661 Comm: syz-executor.0 Not tainted 5.1.0+ #28
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
 dump_stack+0xa9/0x10e
 ? __list_del_entry_valid+0x45/0xd0
 ? __list_del_entry_valid+0x45/0xd0
 __kasan_report+0x171/0x18d
 ? __list_del_entry_valid+0x45/0xd0
 kasan_report+0xe/0x20
 __list_del_entry_valid+0x45/0xd0
 spi_unregister_controller+0x99/0x1b0
 spi_lm70llp_attach+0x3ae/0x4b0 [spi_lm70llp]
 ? 0xffffffffc1128000
 ? klist_next+0x131/0x1e0
 ? driver_detach+0x40/0x40 [parport]
 port_check+0x3b/0x50 [parport]
 bus_for_each_dev+0x115/0x180
 ? subsys_dev_iter_exit+0x20/0x20
 __parport_register_driver+0x1f0/0x210 [parport]
 ? 0xffffffffc1150000
 do_one_initcall+0xb9/0x3b5
 ? perf_trace_initcall_level+0x270/0x270
 ? kasan_unpoison_shadow+0x30/0x40
 ? kasan_unpoison_shadow+0x30/0x40
 do_init_module+0xe0/0x330
 load_module+0x38eb/0x4270
 ? module_frob_arch_sections+0x20/0x20
 ? kernel_read_file+0x188/0x3f0
 ? find_held_lock+0x6d/0xd0
 ? fput_many+0x1a/0xe0
 ? __do_sys_finit_module+0x162/0x190
 __do_sys_finit_module+0x162/0x190
 ? __ia32_sys_init_module+0x40/0x40
 ? __mutex_unlock_slowpath+0xb4/0x3f0
 ? wait_for_completion+0x240/0x240
 ? vfs_write+0x160/0x2a0
 ? lockdep_hardirqs_off+0xb5/0x100
 ? mark_held_locks+0x1a/0x90
 ? do_syscall_64+0x14/0x2a0
 do_syscall_64+0x72/0x2a0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 702a4879ec ("spi: bitbang: Let spi_bitbang_start() take a reference to master")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
2019-05-16 11:16:43 +01:00
..
atmel-quadspi.c spi: atmel-quadspi: Make atmel_qspi_get_name static 2019-03-25 12:13:10 +00:00
internals.h spi: Add an helper to flush the message queue 2018-04-23 15:48:18 +01:00
Kconfig spi: spi-mem: Add support for Zynq QSPI controller 2019-04-05 10:24:49 +07:00
Makefile spi: spi-mem: Add support for Zynq QSPI controller 2019-04-05 10:24:49 +07:00
spi-altera.c spi: altera: Consolidate TX/RX data register access 2017-08-16 11:53:31 +01:00
spi-armada-3700.c Merge remote-tracking branches 'spi/topic/a3700', 'spi/topic/atmel', 'spi/topic/bcm53xx', 'spi/topic/davinci' and 'spi/topic/dw' into spi-next 2018-01-26 17:57:24 +00:00
spi-at91-usart.c spi: at91-usart: Remove duplicated checking for spi->bits_per_word 2019-03-25 12:13:20 +00:00
spi-ath79.c spi: ath79: Remove now useless code 2019-01-17 12:34:55 +00:00
spi-atmel.c spi-atmel: support inter-word delay 2019-01-30 23:02:11 +00:00
spi-au1550.c
spi-axi-spi-engine.c spi: spi-axi: fix potential use-after-free after deregistration 2017-10-31 11:15:10 +00:00
spi-bcm63xx-hsspi.c spi/bcm63xx-hsspi: keep pll clk enabled 2018-09-18 09:16:34 -07:00
spi-bcm63xx.c spi/bcm63xx: fix error return code in bcm63xx_spi_probe() 2017-08-08 11:36:35 +01:00
spi-bcm2835.c spi/spi-bcm2835: Split transfers that exceed DLEN 2019-05-02 10:37:55 +09:00
spi-bcm2835aux.c spi: bcm2835aux: Fix build error without CONFIG_DEBUG_FS 2019-04-08 14:06:14 +07:00
spi-bcm-qspi.c spi: bcm-qspi: switch back to reading flash using smaller chunks 2018-10-11 15:00:34 +01:00
spi-bcm-qspi.h
spi-bitbang-txrx.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
spi-bitbang.c spi: bitbang: Fix NULL pointer dereference in spi_unregister_master 2019-05-16 11:16:43 +01:00
spi-brcmstb-qspi.c
spi-butterfly.c spi: add flags parameter to txrx_word function pointers 2018-08-01 14:50:24 +01:00
spi-cadence.c spi: cadence: Fix default polarity of native chipselect 2019-01-24 19:03:11 +00:00
spi-cavium-octeon.c
spi-cavium-thunderx.c
spi-cavium.c
spi-cavium.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
spi-clps711x.c spi: clps711x: Convert to use CS GPIO descriptors 2019-01-09 12:41:58 +00:00
spi-coldfire-qspi.c
spi-davinci.c spi: davinci: Get rid of dangling variable 2019-01-10 11:54:13 +00:00
spi-dln2.c
spi-dw-mid.c spi: dw: Convert to generalized SPI controller API 2018-02-12 12:04:16 +00:00
spi-dw-mmio.c spi: dw: Add support for an optional interface clock 2019-03-20 17:21:02 +00:00
spi-dw-pci.c
spi-dw.c Merge branch 'for-5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into spi-5.1 2019-02-20 17:58:18 +00:00
spi-dw.h dw: spi: add support for Amazon's Alpine spi controller 2018-10-11 15:11:04 +01:00
spi-efm32.c
spi-ep93xx.c spi: ep93xx: Convert to use CS GPIO descriptors 2019-05-02 10:37:59 +09:00
spi-falcon.c spi: spi-falcon: drop check of boot select 2017-09-01 11:33:22 +01:00
spi-fsl-cpm.c
spi-fsl-cpm.h
spi-fsl-dspi.c Merge branch 'for-5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into spi-5.1 2019-02-20 17:58:18 +00:00
spi-fsl-espi.c spi: Do not print a message if spi_controller_{suspend,resume}() fails 2018-09-05 12:38:27 +01:00
spi-fsl-lib.c
spi-fsl-lib.h spi: spi-fsl-spi: support use of the SPISEL_BOOT signal on MPC8309 2019-03-18 14:47:24 +00:00
spi-fsl-lpspi.c spi: fsl-lpspi: Clean up fsl_lpspi_probe 2019-04-08 14:08:53 +07:00
spi-fsl-qspi.c spi: spi-fsl-qspi: use devm_spi_register_controller 2019-03-13 15:18:39 +00:00
spi-fsl-spi.c spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode 2019-04-02 13:01:15 +07:00
spi-fsl-spi.h
spi-geni-qcom.c spi: spi-geni-qcom: Get rid of forward declaration 2019-01-14 12:24:05 +00:00
spi-gpio.c spi: gpio: Use devm_spi_register_master() 2019-04-08 14:11:18 +07:00
spi-img-spfi.c spi: img-spfi: Set device select bits for SPFI port state 2018-07-30 16:31:54 +01:00
spi-imx.c Merge branch 'spi-5.1' into spi-5.2 for stm32 2019-03-15 17:06:34 +00:00
spi-iproc-qspi.c
spi-jcore.c spi: jcore: disable ref_clk after getting its rate 2018-03-18 17:57:42 -07:00
spi-lantiq-ssc.c Merge remote-tracking branches 'spi/topic/devprop', 'spi/topic/fsl', 'spi/topic/fsl-dspi', 'spi/topic/imx' and 'spi/topic/lantiq' into spi-next 2017-04-26 15:58:04 +01:00
spi-lm70llp.c spi: add flags parameter to txrx_word function pointers 2018-08-01 14:50:24 +01:00
spi-loopback-test.c spi: loopback-test: implement testing with no CS 2017-07-26 13:08:56 +01:00
spi-lp8841-rtc.c
spi-mem.c spi-mem: fix kernel-doc for spi_mem_dirmap_{read|write}() 2019-04-08 14:06:51 +07:00
spi-meson-spicc.c spi: meson-spicc: Fix error handling in meson_spicc_probe() 2018-05-02 05:59:21 +09:00
spi-meson-spifc.c
spi-mpc52xx-psc.c
spi-mpc52xx.c spi: mpc52xx: Use gpio_is_valid() 2018-04-27 12:05:39 +01:00
spi-mpc512x-psc.c
spi-mt65xx.c spi: mediatek: add spi support for mt7629 IC 2018-11-27 14:17:20 +00:00
spi-mt7621.c spi: mt7621: Move SPI driver out of staging 2019-03-25 12:13:34 +00:00
spi-mxic.c spi: mxic: simplify getting .driver_data 2019-03-20 17:20:29 +00:00
spi-mxs.c spi: mxs: add tracing to custom .transfer_one_message callback 2019-01-29 15:08:58 +00:00
spi-npcm-pspi.c spi: npcm-pspi: Fix wrong priv pointer 2019-01-03 12:27:17 +00:00
spi-nuc900.c
spi-nxp-fspi.c spi: spi-mem: spi-nxp-fspi: add module license info 2019-01-29 11:55:41 +00:00
spi-oc-tiny.c treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
spi-omap2-mcspi.c spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch 2019-01-15 13:17:04 +00:00
spi-omap-100k.c
spi-omap-uwire.c
spi-orion.c spi: orion: Support spi_xfer->word_delay_usecs 2019-03-18 12:18:42 +00:00
spi-pic32-sqi.c cross-tree: phase out dma_zalloc_coherent() 2019-01-08 07:58:37 -05:00
spi-pic32.c spi: pic32: fix dma channels termination 2019-04-01 15:24:47 +07:00
spi-pl022.c spi: pl022: add a message state STATE_TIMEOUT for timeout transfer 2019-01-28 18:23:04 +00:00
spi-ppc4xx.c
spi-pxa2xx-dma.c spi: pxa2xx: Introduce DMA burst size support 2019-03-20 17:21:17 +00:00
spi-pxa2xx-pci.c spi: pxa2xx: Introduce DMA burst size support 2019-03-20 17:21:17 +00:00
spi-pxa2xx.c spi: pxa2xx: Add support for Intel Comet Lake 2019-05-02 10:37:53 +09:00
spi-pxa2xx.h pxa2xx: replace spi_master with spi_controller 2019-01-23 10:59:56 +00:00
spi-qcom-qspi.c spi: spi-qcom-qspi: Fix remaining driver nits 2018-11-22 14:38:13 +00:00
spi-qup.c spi: qup: fix 64-bit build warning 2017-08-10 15:50:23 +01:00
spi-rb4xx.c spi: rb4xx: Use SPI_BPW_MASK to set bits_per_word_mask 2018-10-10 12:48:06 +01:00
spi-rockchip.c spi: rockchip: support lsb-first mode 2018-11-05 11:42:43 +00:00
spi-rspi.c spi: rspi: Fix sequencer reset during initialization 2019-03-15 16:32:19 +00:00
spi-s3c24xx-fiq.h
spi-s3c24xx-fiq.S
spi-s3c24xx.c
spi-s3c64xx.c spi: spi-s3c64xx: Fix system resume support 2018-05-17 13:27:08 +09:00
spi-sc18is602.c
spi-sh-hspi.c spi: sh-hspi: Replace spi_master by spi_controller 2019-02-08 13:04:19 +00:00
spi-sh-msiof.c spi: sh-msiof: Convert to use GPIO descriptors 2019-04-04 13:00:47 +07:00
spi-sh-sci.c spi: add flags parameter to txrx_word function pointers 2018-08-01 14:50:24 +01:00
spi-sh.c spi: use SPDX identifier for Renesas drivers 2018-08-28 20:32:00 +01:00
spi-sifive.c spi: sifive: Remove redundant dev_err call in sifive_spi_probe() 2019-02-22 15:17:58 +00:00
spi-sirf.c spi: sirf: account for const type of of_device_id.data 2018-01-03 11:38:46 +00:00
spi-slave-mt27xx.c spi: mediatek: add spi slave for Mediatek MT2712 2018-09-28 14:29:14 +01:00
spi-slave-system-control.c spi: slave: Fix missing break in switch 2018-10-03 16:23:10 +01:00
spi-slave-time.c spi: slave: Add SPI slave handler reporting uptime at previous message 2017-05-26 13:12:04 +01:00
spi-sprd-adi.c spi: sprd: Change to use devm_hwspin_lock_request_specific() 2018-06-26 13:52:27 -07:00
spi-sprd.c Merge branch 'for-5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into spi-5.1 2019-02-20 17:58:18 +00:00
spi-st-ssc4.c spi: st-ssc4: whitespace cleanup 2017-05-26 12:41:07 +01:00
spi-stm32-qspi.c spi: stm32-qspi: manage the get_irq error case 2019-05-02 10:37:56 +09:00
spi-stm32.c spi: stm32: add support for STM32F4 2019-01-07 18:25:48 +00:00
spi-sun4i.c spi: sun4i: disable clocks in the remove function 2017-12-07 11:59:15 +00:00
spi-sun6i.c spi: sun6i: disable/unprepare clocks on remove 2017-12-07 17:45:17 +00:00
spi-tegra20-sflash.c spi: tegra20-sflash: explicitly request exclusive reset control 2017-07-19 17:06:31 +01:00
spi-tegra20-slink.c spi: tegra20-slink: change chip select action order 2019-03-27 12:33:33 +00:00
spi-tegra114.c spi: tegra114: add support for interrupt mask 2019-04-08 14:13:06 +07:00
spi-test.h
spi-ti-qspi.c spi: ti-qspi: Fix mmap read when more than one CS in use 2019-01-29 12:08:03 +00:00
spi-tle62x0.c
spi-topcliff-pch.c Merge branch 'spi-5.1' into spi-5.2 2019-04-05 10:19:10 +07:00
spi-txx9.c
spi-uniphier.c spi: uniphier: remove unnecessary include headers 2018-08-02 11:08:06 +01:00
spi-xcomm.c
spi-xilinx.c spi: xilinx: Add support for xlnx,axi-quad-spi-1.00.a 2017-11-27 16:31:20 +00:00
spi-xlp.c spi: xlp: fix error return code in xlp_spi_probe() 2017-08-08 11:36:07 +01:00
spi-xtensa-xtfpga.c spi: add flags parameter to txrx_word function pointers 2018-08-01 14:50:24 +01:00
spi-zynq-qspi.c spi: spi-mem: zynq-qspi: Fix build error on architectures missing readsl/writesl 2019-05-02 10:37:57 +09:00
spi-zynqmp-gqspi.c spi: spi-zynqmp-gqspi: simplify getting .driver_data 2018-11-05 11:54:35 +00:00
spi.c spi: Fix Raspberry Pi breakage 2019-05-09 11:27:17 +09:00
spidev.c spi: spidev: Enable control of inter-word delays 2019-03-18 12:18:28 +00:00