mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 22:54:01 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/spi
History
YueHaibing 3b3853bf81 spi: bitbang: Fix NULL pointer dereference in spi_unregister_master 
[ Upstream commit 5caaf29af5 ]

If spi_register_master fails in spi_bitbang_start
because device_add failure, We should return the
error code other than 0, otherwise calling
spi_bitbang_stop may trigger NULL pointer dereference
like this:

BUG: KASAN: null-ptr-deref in __list_del_entry_valid+0x45/0xd0
Read of size 8 at addr 0000000000000000 by task syz-executor.0/3661

CPU: 0 PID: 3661 Comm: syz-executor.0 Not tainted 5.1.0+ #28
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
 dump_stack+0xa9/0x10e
 ? __list_del_entry_valid+0x45/0xd0
 ? __list_del_entry_valid+0x45/0xd0
 __kasan_report+0x171/0x18d
 ? __list_del_entry_valid+0x45/0xd0
 kasan_report+0xe/0x20
 __list_del_entry_valid+0x45/0xd0
 spi_unregister_controller+0x99/0x1b0
 spi_lm70llp_attach+0x3ae/0x4b0 [spi_lm70llp]
 ? 0xffffffffc1128000
 ? klist_next+0x131/0x1e0
 ? driver_detach+0x40/0x40 [parport]
 port_check+0x3b/0x50 [parport]
 bus_for_each_dev+0x115/0x180
 ? subsys_dev_iter_exit+0x20/0x20
 __parport_register_driver+0x1f0/0x210 [parport]
 ? 0xffffffffc1150000
 do_one_initcall+0xb9/0x3b5
 ? perf_trace_initcall_level+0x270/0x270
 ? kasan_unpoison_shadow+0x30/0x40
 ? kasan_unpoison_shadow+0x30/0x40
 do_init_module+0xe0/0x330
 load_module+0x38eb/0x4270
 ? module_frob_arch_sections+0x20/0x20
 ? kernel_read_file+0x188/0x3f0
 ? find_held_lock+0x6d/0xd0
 ? fput_many+0x1a/0xe0
 ? __do_sys_finit_module+0x162/0x190
 __do_sys_finit_module+0x162/0x190
 ? __ia32_sys_init_module+0x40/0x40
 ? __mutex_unlock_slowpath+0xb4/0x3f0
 ? wait_for_completion+0x240/0x240
 ? vfs_write+0x160/0x2a0
 ? lockdep_hardirqs_off+0xb5/0x100
 ? mark_held_locks+0x1a/0x90
 ? do_syscall_64+0x14/0x2a0
 do_syscall_64+0x72/0x2a0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 702a4879ec ("spi: bitbang: Let spi_bitbang_start() take a reference to master")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-07-10 09:55:43 +02:00
..
Kconfig Revert "spi: bcm-qspi: shut up warning about cfi header inclusion" 2018-04-08 12:13:00 +02:00
Makefile Merge remote-tracking branches 'spi/topic/octeon', 'spi/topic/pic32-sqi', 'spi/topic/pxa2xx' and 'spi/topic/qup' into spi-next 2016-09-30 09:14:14 -07:00
spi-adi-v3.c
spi-altera.c
spi-ath79.c
spi-atmel.c spi: atmel: fixed spin_lock usage inside atmel_spi_remove 2018-03-03 10:23:22 +01:00
spi-au1550.c
spi-axi-spi-engine.c spi: spi-axi: fix potential use-after-free after deregistration 2017-12-09 22:01:48 +01:00
spi-bcm-qspi.c spi: bcm-qspi: fIX some error handling paths 2018-05-30 07:50:45 +02:00
spi-bcm-qspi.h spi: iproc-qspi: Add Broadcom iProc SoCs support 2016-09-24 20:03:25 +01:00
spi-bcm53xx.c
spi-bcm53xx.h
spi-bcm63xx-hsspi.c
spi-bcm63xx.c
spi-bcm2835.c spi: bcm2835: Unbreak the build of esoteric configs 2019-01-09 16:16:45 +01:00
spi-bcm2835aux.c
spi-bfin-sport.c spi: spi-bfin-sport: Remove deprecated create_singlethread_workqueue 2016-07-03 14:24:31 +02:00
spi-bfin5xx.c spi: spi-bfin5xx: Remove deprecated create_singlethread_workqueue 2016-07-03 14:14:31 +02:00
spi-bitbang-txrx.h
spi-bitbang.c spi: bitbang: Fix NULL pointer dereference in spi_unregister_master 2019-07-10 09:55:43 +02:00
spi-brcmstb-qspi.c spi: brcmstb-qspi: Broadcom settop platform driver 2016-09-14 18:03:32 +01:00
spi-butterfly.c
spi-cadence.c
spi-cavium-octeon.c spi: octeon: Split driver into Octeon specific and common parts 2016-07-24 21:54:29 +01:00
spi-cavium-thunderx.c spi: spi-cavium-thunderx: Add missing clk_disable_unprepare() 2016-08-24 12:37:43 +01:00
spi-cavium.c spi: octeon: Split driver into Octeon specific and common parts 2016-07-24 21:54:29 +01:00
spi-cavium.h spi: octeon: Add ThunderX driver 2016-08-19 16:24:39 +01:00
spi-clps711x.c spi: clps711x: Driver refactor 2016-07-07 11:44:43 +02:00
spi-coldfire-qspi.c
spi-davinci.c spi: davinci: fix a NULL pointer dereference 2018-09-09 20:01:19 +02:00
spi-dln2.c
spi-dw-mid.c
spi-dw-mmio.c spi: dw: Disable clock after unregistering the host 2018-03-24 11:00:10 +01:00
spi-dw-pci.c
spi-dw.c spi: dw: Make debugfs name unique between instances 2017-08-06 18:59:45 -07:00
spi-dw.h spi: dw: fix multiple slaves with different baudrates 2016-09-06 11:53:50 +01:00
spi-efm32.c
spi-ep93xx.c spi: spi-ep93xx: Fix the PTR_ERR() argument 2016-05-24 16:54:50 +01:00
spi-falcon.c
spi-fsl-cpm.c
spi-fsl-cpm.h
spi-fsl-dspi.c spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe 2018-09-09 20:01:19 +02:00
spi-fsl-espi.c spi: fsl-espi: avoid processing uninitalized data on error 2016-10-26 11:14:52 +01:00
spi-fsl-lib.c
spi-fsl-lib.h spi: fsl-espi: align register access with other drivers 2016-09-14 18:24:47 +01:00
spi-fsl-spi.c
spi-fsl-spi.h
spi-gpio.c
spi-img-spfi.c spi: img-spfi: Remove spi_master_put in img_spfi_remove() 2016-07-27 19:00:16 +01:00
spi-imx.c spi: imx: do not access registers while clocks disabled 2018-02-03 17:05:43 +01:00
spi-iproc-qspi.c spi: iproc-qspi: Add Broadcom iProc SoCs support 2016-09-24 20:03:25 +01:00
spi-jcore.c spi: jcore: remove unnecessary platform_set_drvdata() 2016-08-09 10:40:05 +01:00
spi-lm70llp.c
spi-loopback-test.c spi: loopback-test: mark rx_ranges_cmp() static 2016-09-01 20:54:54 +01:00
spi-lp8841-rtc.c
spi-meson-spifc.c spi: meson: Add GXBB compatible 2016-09-12 20:11:39 +01:00
spi-mpc52xx-psc.c spi: spi-mpc52xx-psc: Remove deprecated create_singlethread_workqueue 2016-07-03 14:23:25 +02:00
spi-mpc52xx.c
spi-mpc512x-psc.c
spi-mt65xx.c spi: mediatek: remove spi_master_put in mtk_spi_remove() 2016-07-27 19:00:16 +01:00
spi-mxs.c
spi-nuc900.c
spi-oc-tiny.c
spi-omap-100k.c
spi-omap-uwire.c
spi-omap2-mcspi.c spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer 2018-03-22 09:17:42 +01:00
spi-orion.c spi: mvebu: fix baudrate calculation for armada variant 2017-01-15 13:42:57 +01:00
spi-pic32-sqi.c spi: pic32-sqi: use list_move_tail and list_move 2016-08-08 11:56:40 +01:00
spi-pic32.c spi: pic32: fixup wait_for_completion_timeout return handling 2016-07-24 21:49:16 +01:00
spi-pl022.c
spi-ppc4xx.c
spi-pxa2xx-dma.c spi: pxa2xx: Remove pointer to chip data from driver data 2016-09-12 20:01:27 +01:00
spi-pxa2xx-pci.c spi: pxa2xx-pci: fix ACPI-based enumeration of SPI devices 2016-08-24 12:20:03 +01:00
spi-pxa2xx.c dmaengine: idma64: Use actual device for DMA transfers 2019-06-22 08:17:17 +02:00
spi-pxa2xx.h spi: pxa2xx: Allow 64-bit DMA 2018-05-22 16:57:56 +02:00
spi-qup.c Merge remote-tracking branches 'spi/topic/octeon', 'spi/topic/pic32-sqi', 'spi/topic/pxa2xx' and 'spi/topic/qup' into spi-next 2016-09-30 09:14:14 -07:00
spi-rb4xx.c
spi-rockchip.c Merge remote-tracking branches 'spi/topic/pxa2xx', 'spi/topic/rockchip', 'spi/topic/s3c64xx', 'spi/topic/sh' and 'spi/topic/sh-msiof' into spi-next 2016-07-24 22:08:25 +01:00
spi-rspi.c spi: rspi: Fix sequencer reset during initialization 2019-05-31 06:48:31 -07:00
spi-s3c24xx-fiq.h
spi-s3c24xx-fiq.S
spi-s3c24xx.c
spi-s3c64xx.c spi: s3c64xx: fix inconsistency between binding and driver 2017-03-12 06:41:41 +01:00
spi-sc18is602.c spi: sc18is602: Change gpiod_set_value to gpiod_set_value_cansleep 2016-09-29 11:01:36 -07:00
spi-sh-hspi.c
spi-sh-msiof.c spi: sh-msiof: Fix handling of write value for SISTR register 2018-10-03 17:01:49 -07:00
spi-sh-sci.c
spi-sh.c spi: spi-sh: Remove deprecated create_singlethread_workqueue 2016-07-11 19:32:38 +01:00
spi-sirf.c
spi-st-ssc4.c spi: st-ssc4: Fix misuse of devm_gpio_request/devm_gpio_free APIs 2016-09-14 16:05:35 +01:00
spi-sun4i.c spi: sun4i: disable clocks in the remove function 2018-02-25 11:05:49 +01:00
spi-sun6i.c spi: sun6i: disable/unprepare clocks on remove 2018-03-22 09:17:56 +01:00
spi-tegra20-sflash.c
spi-tegra20-slink.c spi: tegra20-slink: explicitly enable/disable clock 2018-10-03 17:01:49 -07:00
spi-tegra114.c spi: tegra114: reset controller on probe 2019-05-31 06:48:29 -07:00
spi-test.h
spi-ti-qspi.c spi: ti-qspi: Fix mmap read when more than one CS in use 2019-03-23 13:19:46 +01:00
spi-tle62x0.c
spi-topcliff-pch.c spi : spi-topcliff-pch: Fix to handle empty DMA buffers 2019-05-31 06:48:31 -07:00
spi-txx9.c spi: spi-txx9: Add missing clock (un)prepare calls for CCF 2016-08-18 19:10:39 +01:00
spi-xcomm.c
spi-xilinx.c spi: xilinx: Detect stall with Unknown commands 2017-12-29 17:42:59 +01:00
spi-xlp.c spi: xlp: Add ACPI support for Vulcan SPI controller 2016-08-09 15:25:43 +01:00
spi-xtensa-xtfpga.c
spi-zynqmp-gqspi.c
spi.c spi: Fix zero length xfer bug 2019-05-31 06:48:31 -07:00
spidev.c spi: spidev: Add ACPI probing support 2016-07-04 16:28:52 +02:00