linux/drivers/spi
Mans Rullgard 4756fa529b
spi: fix null pointer dereference within spi_sync
If spi_sync() is called with the non-empty queue and the same spi_message
is then reused, the complete callback for the message remains set while
the context is cleared, leading to a null pointer dereference when the
callback is invoked from spi_finalize_current_message().

With function inlining disabled, the call stack might look like this:

  _raw_spin_lock_irqsave from complete_with_flags+0x18/0x58
  complete_with_flags from spi_complete+0x8/0xc
  spi_complete from spi_finalize_current_message+0xec/0x184
  spi_finalize_current_message from spi_transfer_one_message+0x2a8/0x474
  spi_transfer_one_message from __spi_pump_transfer_message+0x104/0x230
  __spi_pump_transfer_message from __spi_transfer_message_noqueue+0x30/0xc4
  __spi_transfer_message_noqueue from __spi_sync+0x204/0x248
  __spi_sync from spi_sync+0x24/0x3c
  spi_sync from mcp251xfd_regmap_crc_read+0x124/0x28c [mcp251xfd]
  mcp251xfd_regmap_crc_read [mcp251xfd] from _regmap_raw_read+0xf8/0x154
  _regmap_raw_read from _regmap_bus_read+0x44/0x70
  _regmap_bus_read from _regmap_read+0x60/0xd8
  _regmap_read from regmap_read+0x3c/0x5c
  regmap_read from mcp251xfd_alloc_can_err_skb+0x1c/0x54 [mcp251xfd]
  mcp251xfd_alloc_can_err_skb [mcp251xfd] from mcp251xfd_irq+0x194/0xe70 [mcp251xfd]
  mcp251xfd_irq [mcp251xfd] from irq_thread_fn+0x1c/0x78
  irq_thread_fn from irq_thread+0x118/0x1f4
  irq_thread from kthread+0xd8/0xf4
  kthread from ret_from_fork+0x14/0x28

Fix this by also setting message->complete to NULL when the transfer is
complete.

Fixes: ae7d2346dc ("spi: Don't use the message queue if possible in spi_sync")

Signed-off-by: Mans Rullgard <mans@mansr.com>
Link: https://lore.kernel.org/r/20240430182705.13019-1-mans@mansr.com
Signed-off-by: Mark Brown <broonie@kernel.org>
2024-05-01 11:02:48 +09:00
..
atmel-quadspi.c spi: Unify error codes by replacing -ENOTSUPP with -EOPNOTSUPP 2023-11-30 12:12:39 +00:00
internals.h
Kconfig spi: Kconfig: cap[c]ability 2024-01-29 16:17:32 +00:00
Makefile spi: Add support for Intel LJCA USB SPI driver 2023-10-11 11:33:38 +02:00
spi-altera-core.c spi: Replace all spi->chip_select and spi->cs_gpiod references with function call 2023-03-11 12:34:01 +00:00
spi-altera-dfl.c
spi-altera-platform.c
spi-amd.c spi: amd: fix Wvoid-pointer-to-enum-cast warning 2023-08-14 13:11:15 +01:00
spi-amlogic-spifc-a1.c spi: amlogic-spifc-a1: switch to use devm_spi_alloc_host() 2023-08-14 13:10:48 +01:00
spi-ar934x.c spi: ar934x: Use helper function devm_clk_get_enabled() 2023-09-11 01:31:52 +01:00
spi-armada-3700.c spi: armada-3700: Use helper function devm_clk_get_prepared() 2023-09-11 01:31:53 +01:00
spi-aspeed-smc.c spi: aspeed: Use helper function devm_clk_get_enabled() 2023-09-11 01:31:54 +01:00
spi-at91-usart.c spi: at91-usart: Remove some dead code 2023-09-25 16:27:48 +02:00
spi-ath79.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-atmel.c spi: atmel: Fix clock issue when using devices with different polarities 2023-12-14 10:56:37 +00:00
spi-au1550.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-axi-spi-engine.c spi: axi-spi-engine: fix version format string 2024-04-14 16:54:01 +09:00
spi-bcm63xx-hsspi.c spi: bcm63xx-hsspi: switch to use modern name 2023-08-07 14:38:23 +01:00
spi-bcm63xx.c spi: bcm63xx: switch to use modern name 2023-08-07 14:38:24 +01:00
spi-bcm2835.c spi: bcm2835: implement ctlr->max_transfer_size 2024-02-05 14:35:44 +00:00
spi-bcm2835aux.c spi: bcm2835aux: Use helper function devm_clk_get_enabled() 2023-09-11 01:31:57 +01:00
spi-bcm-qspi.c spi: bcm-qspi: fix SFDP BFPT read by usig mspi read 2024-01-23 13:28:03 +00:00
spi-bcm-qspi.h
spi-bcmbca-hsspi.c spi: bcmbca-hsspi: switch to use modern name 2023-08-14 13:10:59 +01:00
spi-bitbang-txrx.h spi: Get rid of old SPI_MASTER_NO_TX & SPI_MASTER_NO_RX 2023-07-11 13:41:20 +01:00
spi-bitbang.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-brcmstb-qspi.c
spi-butterfly.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-cadence-quadspi.c Linux 6.8 2024-03-18 17:30:46 +00:00
spi-cadence-xspi.c spi: cadence-xspi: Drop useless assignment to NULL 2023-11-13 01:26:38 +00:00
spi-cadence.c spi: spi-cadence: Reverse the order of interleaved write and read operations 2024-01-23 13:28:05 +00:00
spi-cavium-octeon.c spi: octeon: switch to use modern name 2023-08-07 14:38:29 +01:00
spi-cavium-thunderx.c spi: spi-cavium-thunderx: Use helper function devm_clk_get_enabled() 2023-09-11 01:31:59 +01:00
spi-cavium.c spi: cavium: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:50 +00:00
spi-cavium.h spi: cavium: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:50 +00:00
spi-clps711x.c spi: clps711x: switch to use modern name 2023-08-07 14:38:28 +01:00
spi-coldfire-qspi.c spi: coldfire-qspi: Remove an erroneous clk_disable_unprepare() from the remove function 2024-01-05 15:43:54 +00:00
spi-cs42l43.c Linux 6.8 2024-03-18 17:30:46 +00:00
spi-davinci.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-dln2.c spi: dln2: switch to use modern name 2023-08-07 14:38:32 +01:00
spi-dw-bt1.c spi: dw-bt1: Use helper function devm_clk_get_enabled() 2023-09-11 01:32:01 +01:00
spi-dw-core.c spi: dw: switch to use modern name 2023-08-07 14:38:33 +01:00
spi-dw-dma.c spi: dw: remove redundant assignment to variable len 2024-02-15 14:17:19 +00:00
spi-dw-mmio.c spi: dw: Remove Intel Thunder Bay SOC support 2023-12-13 13:39:55 +00:00
spi-dw-pci.c
spi-dw.h spi: dw: switch to use modern name 2023-08-07 14:38:33 +01:00
spi-ep93xx.c spi: ep93xx: switch to use modern name 2023-08-14 13:10:50 +01:00
spi-falcon.c spi: falcon: switch to use modern name 2023-08-14 13:10:51 +01:00
spi-fsi.c spi: fsi: switch to use spi_alloc_host() 2023-08-14 13:10:52 +01:00
spi-fsl-cpm.c spi: fsl-cpm: Properly define and use IO pointers 2023-08-09 12:52:49 +01:00
spi-fsl-cpm.h
spi-fsl-dspi.c spi: fsl-dspi: Unify error messaging in dspi_request_dma() 2024-02-05 14:35:39 +00:00
spi-fsl-espi.c spi: fsl-espi: switch to use modern name 2023-08-14 13:10:54 +01:00
spi-fsl-lib.c spi: fsl-lib: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:59 +00:00
spi-fsl-lib.h spi: fsl: Remove unused extern declarations 2023-07-25 17:40:28 +01:00
spi-fsl-lpspi.c spi: spi-fsl-lpspi: remove redundant spi_controller_put call 2024-04-03 11:04:57 +01:00
spi-fsl-qspi.c spi: fsl-qspi: switch to use modern name 2023-08-14 13:10:55 +01:00
spi-fsl-spi.c spi: fsl-spi: switch to use modern name 2023-08-14 13:10:56 +01:00
spi-fsl-spi.h
spi-geni-qcom.c spi: geni-qcom: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:51 +00:00
spi-gpio.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-gxp.c spi: spi-gxp: BUG: Correct spi write return value 2023-09-27 17:06:36 +02:00
spi-hisi-kunpeng.c spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs 2024-04-16 19:59:48 +09:00
spi-hisi-sfc-v3xx.c spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected 2024-01-23 15:05:18 +00:00
spi-img-spfi.c spi: img-spfi: switch to use modern name 2023-08-14 13:11:01 +01:00
spi-imx.c spi: spi-imx: fix off-by-one in mx51 CPU mode burst length 2024-03-18 21:06:54 +00:00
spi-ingenic.c spi: ingenic: convert not to use dma_request_slave_channel() 2023-11-20 13:13:37 +00:00
spi-intel-pci.c spi: intel-pci: Add support for Lunar Lake-M SPI serial flash 2024-02-12 13:41:35 +00:00
spi-intel-platform.c
spi-intel.c spi: intel: Keep the BIOS partition inside the first chip 2024-02-05 14:35:47 +00:00
spi-intel.h
spi-iproc-qspi.c spi: bcm-qspi: Simplify logic by using devm_platform_ioremap_resource_byname() 2023-08-21 13:10:56 +01:00
spi-jcore.c spi: jcore: switch to use modern name 2023-08-14 13:11:05 +01:00
spi-lantiq-ssc.c spi: lantiq-ssc: Use helper function devm_clk_get_enabled() 2023-09-11 01:32:03 +01:00
spi-ljca.c spi: ljca: switch to use devm_spi_alloc_host() 2023-12-11 12:55:16 +00:00
spi-lm70llp.c spi: lm70llp: fix links in doc and comments 2024-03-18 15:55:12 +00:00
spi-loongson-core.c spi: loongson: add bus driver for the loongson spi controller 2023-07-31 15:57:09 +01:00
spi-loongson-pci.c spi: loongson: add bus driver for the loongson spi controller 2023-07-31 15:57:09 +01:00
spi-loongson-plat.c spi: loongson: add bus driver for the loongson spi controller 2023-07-31 15:57:09 +01:00
spi-loongson.h spi: loongson: add bus driver for the loongson spi controller 2023-07-31 15:57:09 +01:00
spi-loopback-test.c spi: loopback-test: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:52 +00:00
spi-lp8841-rtc.c spi: lp-8841: switch to use modern name 2023-09-11 01:31:31 +01:00
spi-mem.c spi: Fix error code checking in spi_mem_exec_op() 2024-03-14 14:14:20 +00:00
spi-meson-spicc.c spi: Use devm_clk_get_*() helper function to 2023-09-11 22:43:17 +01:00
spi-meson-spifc.c spi: Use devm_clk_get_*() helper function to 2023-09-11 22:43:17 +01:00
spi-microchip-core-qspi.c spi: Use devm_clk_get_*() helper function to 2023-09-11 22:43:17 +01:00
spi-microchip-core.c spi: Use devm_clk_get_*() helper function to 2023-09-11 22:43:17 +01:00
spi-mpc52xx-psc.c spi: mpc52xx-psc: Make mpc52xx_psc_spi_transfer_one_message() static 2023-10-06 12:34:31 +01:00
spi-mpc52xx.c spi: mpc52xx: explicitly include linux/platform_device.h 2023-12-08 20:13:24 +00:00
spi-mpc512x-psc.c spi: mpc512x-psc: switch to use modern name 2023-09-11 01:31:35 +01:00
spi-mt65xx.c spi: spi-mt65xx: Fix NULL pointer access in interrupt handler 2024-03-21 11:28:21 +00:00
spi-mt7621.c spi: mt7621: switch to use modern name 2023-09-11 01:31:38 +01:00
spi-mtk-nor.c spi: mtk-nor: switch to use modern name 2023-09-11 01:31:39 +01:00
spi-mtk-snfi.c spi: Use devm_clk_get_*() helper function to 2023-09-11 22:43:17 +01:00
spi-mux.c spi: mux: switch to use spi_alloc_host() 2023-09-11 01:31:41 +01:00
spi-mxic.c spi: mxic: switch to use modern name 2023-09-11 01:31:42 +01:00
spi-mxs.c spi-mxs: Fix chipselect glitch 2024-02-13 15:48:22 +00:00
spi-npcm-fiu.c spi: Unify error codes by replacing -ENOTSUPP with -EOPNOTSUPP 2023-11-30 12:12:39 +00:00
spi-npcm-pspi.c spi: npcm-pspi: switch to use modern name 2023-09-11 01:31:43 +01:00
spi-nxp-fspi.c spi: nxp-fspi: Adjust LUT debug output alignment 2024-01-22 00:06:54 +00:00
spi-oc-tiny.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-omap2-mcspi.c spi: omap2-mcspi: Revert FIFO support without DMA 2024-02-12 13:41:34 +00:00
spi-omap-uwire.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-orion.c spi: orion: Use helper function devm_clk_get_enabled() 2023-09-11 01:32:09 +01:00
spi-pci1xxxx.c spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe 2024-04-03 11:04:58 +01:00
spi-pic32-sqi.c spi: pic32-sqi: Use helper function devm_clk_get_enabled() 2023-09-11 01:32:10 +01:00
spi-pic32.c spi: pic32: Replace of_gpio.h by proper one 2024-02-29 11:40:46 +00:00
spi-pl022.c spi: pl022: update description of internal_cs_control() 2023-12-15 12:58:18 +00:00
spi-ppc4xx.c Linux 6.8 2024-03-18 17:30:46 +00:00
spi-pxa2xx-dma.c
spi-pxa2xx-pci.c
spi-pxa2xx.c spi: pxa2xx: switch to use modern name 2023-08-21 14:29:24 +01:00
spi-pxa2xx.h
spi-qcom-qspi.c spi: spi-qcom-qspi: switch to use modern name 2023-08-21 14:29:25 +01:00
spi-qup.c spi: qup: Vote for interconnect bandwidth to DRAM 2023-09-25 14:19:38 +02:00
spi-rb4xx.c spi: rb4xx: switch to use modern name 2023-08-21 14:29:27 +01:00
spi-realtek-rtl.c spi: realtek-rtl: switch to use devm_spi_alloc_host() 2023-08-21 14:29:28 +01:00
spi-rockchip-sfc.c spi: rockchip-sfc: switch to use modern name 2023-08-21 14:29:29 +01:00
spi-rockchip.c spi: spi-rockchip: Fix max_native_cs 2024-02-05 14:35:49 +00:00
spi-rpc-if.c spi: rpc-if: switch to use devm_spi_alloc_host() 2023-08-16 12:58:08 +01:00
spi-rspi.c spi: rspi: switch to use spi_alloc_host() 2023-08-21 14:29:30 +01:00
spi-rzv2m-csi.c spi: rzv2m-csi: Add target mode support 2023-10-09 13:14:28 +01:00
spi-s3c64xx.c spi: s3c64xx: Use DMA mode from fifo size 2024-03-29 13:48:15 +00:00
spi-sc18is602.c spi: sc18is602: switch to use modern name 2023-08-21 14:29:33 +01:00
spi-sh-hspi.c spi: sh-hspi: switch to use modern name 2023-08-21 14:29:34 +01:00
spi-sh-msiof.c spi: sh-msiof: avoid integer overflow in constants 2024-01-30 15:27:21 +00:00
spi-sh-sci.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-sh.c spi: sh: switch to use modern name 2023-08-21 14:29:37 +01:00
spi-sifive.c spi: sifive: switch to use modern name 2023-08-21 14:29:38 +01:00
spi-slave-mt27xx.c spi: slave-mt27xx: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:53 +00:00
spi-slave-system-control.c
spi-slave-time.c
spi-sn-f-ospi.c spi: spi-sn-f-ospi: switch to use modern name 2023-08-21 14:29:39 +01:00
spi-sprd-adi.c spi: sprd-adi: switch to use spi_alloc_host() 2023-12-11 12:54:53 +00:00
spi-sprd.c spi: sprd: switch to use modern name 2023-12-11 12:54:53 +00:00
spi-st-ssc4.c spi: st-ssc4: switch to use modern name 2023-12-11 12:54:54 +00:00
spi-stm32-qspi.c spi: stm32-qspi: Replace of_gpio.h by proper one 2024-02-29 11:40:47 +00:00
spi-stm32.c spi: stm32: move splitting transfers to optimize_message 2024-02-26 13:55:11 +00:00
spi-sun4i.c spi: sun4i: switch to use modern name 2023-12-11 12:54:57 +00:00
spi-sun6i.c spi: sun6i: switch to use modern name 2023-12-11 12:54:58 +00:00
spi-sunplus-sp7021.c spi: sunplus-sp7021: switch to use modern name 2023-12-11 12:54:59 +00:00
spi-synquacer.c spi: synquacer: switch to use modern name 2023-12-11 12:55:00 +00:00
spi-tegra20-sflash.c spi: tegra20-sflash: switch to use modern name 2023-12-11 12:55:03 +00:00
spi-tegra20-slink.c spi: tegra20-slink: switch to use modern name 2023-12-11 12:55:04 +00:00
spi-tegra114.c spi: tegra114: switch to use modern name 2023-12-11 12:55:02 +00:00
spi-tegra210-quad.c spi: tegra210-quad: switch to use modern name 2023-12-11 12:55:05 +00:00
spi-test.h
spi-ti-qspi.c spi: spi-ti-qspi: switch to use modern name 2023-12-11 12:55:06 +00:00
spi-tle62x0.c
spi-topcliff-pch.c spi: topcliff-pch: switch to use modern name 2023-12-11 12:55:07 +00:00
spi-uniphier.c spi: uniphier: switch to use modern name 2023-12-11 12:55:08 +00:00
spi-wpcm-fiu.c spi: wpcm-fiu: switch to use devm_spi_alloc_host() 2023-12-11 12:55:06 +00:00
spi-xcomm.c spi: xcomm: switch to use modern name 2023-12-11 12:55:09 +00:00
spi-xilinx.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-xlp.c spi: xlp: switch to use modern name 2023-12-11 12:55:11 +00:00
spi-xtensa-xtfpga.c spi: bitbang: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:48 +00:00
spi-zynq-qspi.c spi: zynq-qspi: switch to use modern name 2023-12-11 12:55:13 +00:00
spi-zynqmp-gqspi.c spi: zynqmp-gqspi: switch to use modern name 2023-12-11 12:55:14 +00:00
spi.c spi: fix null pointer dereference within spi_sync 2024-05-01 11:02:48 +09:00
spidev.c spi: spidev: Follow renaming of SPI "master" to "controller" 2024-02-08 11:54:53 +00:00