a7y18lte-ubports/android_kernel_samsung_a7y18lte
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6393795806
android_kernel_samsung_a7y1.../drivers/spi
History
YueHaibing b931db5839 spi: bitbang: Fix NULL pointer dereference in spi_unregister_master 
[ Upstream commit 5caaf29af5ca82d5da8bc1d0ad07d9e664ccf1d8 ]

If spi_register_master fails in spi_bitbang_start
because device_add failure, We should return the
error code other than 0, otherwise calling
spi_bitbang_stop may trigger NULL pointer dereference
like this:

BUG: KASAN: null-ptr-deref in __list_del_entry_valid+0x45/0xd0
Read of size 8 at addr 0000000000000000 by task syz-executor.0/3661

CPU: 0 PID: 3661 Comm: syz-executor.0 Not tainted 5.1.0+ #28
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
 dump_stack+0xa9/0x10e
 ? __list_del_entry_valid+0x45/0xd0
 ? __list_del_entry_valid+0x45/0xd0
 __kasan_report+0x171/0x18d
 ? __list_del_entry_valid+0x45/0xd0
 kasan_report+0xe/0x20
 __list_del_entry_valid+0x45/0xd0
 spi_unregister_controller+0x99/0x1b0
 spi_lm70llp_attach+0x3ae/0x4b0 [spi_lm70llp]
 ? 0xffffffffc1128000
 ? klist_next+0x131/0x1e0
 ? driver_detach+0x40/0x40 [parport]
 port_check+0x3b/0x50 [parport]
 bus_for_each_dev+0x115/0x180
 ? subsys_dev_iter_exit+0x20/0x20
 __parport_register_driver+0x1f0/0x210 [parport]
 ? 0xffffffffc1150000
 do_one_initcall+0xb9/0x3b5
 ? perf_trace_initcall_level+0x270/0x270
 ? kasan_unpoison_shadow+0x30/0x40
 ? kasan_unpoison_shadow+0x30/0x40
 do_init_module+0xe0/0x330
 load_module+0x38eb/0x4270
 ? module_frob_arch_sections+0x20/0x20
 ? kernel_read_file+0x188/0x3f0
 ? find_held_lock+0x6d/0xd0
 ? fput_many+0x1a/0xe0
 ? __do_sys_finit_module+0x162/0x190
 __do_sys_finit_module+0x162/0x190
 ? __ia32_sys_init_module+0x40/0x40
 ? __mutex_unlock_slowpath+0xb4/0x3f0
 ? wait_for_completion+0x240/0x240
 ? vfs_write+0x160/0x2a0
 ? lockdep_hardirqs_off+0xb5/0x100
 ? mark_held_locks+0x1a/0x90
 ? do_syscall_64+0x14/0x2a0
 do_syscall_64+0x72/0x2a0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 702a4879ec33 ("spi: bitbang: Let spi_bitbang_start() take a reference to master")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-04-06 19:17:43 +02:00
..
Kconfig A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Makefile A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-adi-v3.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-altera.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-ath79.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-atmel.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-au1550.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bcm53xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bcm53xx.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bcm63xx-hsspi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bcm63xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bcm2835.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bcm2835aux.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bfin-sport.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bfin5xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bitbang-txrx.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-bitbang.c spi: bitbang: Fix NULL pointer dereference in spi_unregister_master 2020-04-06 19:17:43 +02:00
spi-butterfly.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-cadence.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-clps711x.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-coldfire-qspi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-davinci.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-dln2.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-dw-mid.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-dw-mmio.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-dw-pci.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-dw.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-dw.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-efm32.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-ep93xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-falcon.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-fsl-cpm.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-fsl-cpm.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-fsl-dspi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-fsl-espi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-fsl-lib.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-fsl-lib.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-fsl-spi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-fsl-spi.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-gpio.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-img-spfi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-imx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-lm70llp.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-meson-spifc.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-mpc52xx-psc.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-mpc52xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-mpc512x-psc.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-mt65xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-mxs.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-nuc900.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-oc-tiny.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-octeon.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-omap-100k.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-omap-uwire.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-omap2-mcspi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-orion.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-pl022.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-ppc4xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-pxa2xx-dma.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-pxa2xx-pci.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-pxa2xx.c dmaengine: idma64: Use actual device for DMA transfers 2020-04-06 19:02:35 +02:00
spi-pxa2xx.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-qup.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-rb4xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-rockchip.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-rspi.c spi: rspi: Fix sequencer reset during initialization 2020-04-06 18:20:31 +02:00
spi-s3c24xx-fiq.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-s3c24xx-fiq.S A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-s3c24xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-s3c64xx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-sc18is602.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-sh-hspi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-sh-msiof.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-sh-sci.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-sh.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-sirf.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-st-ssc4.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-sun4i.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-sun6i.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-tegra20-sflash.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-tegra20-slink.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-tegra114.c spi: tegra114: reset controller on probe 2020-04-06 18:20:08 +02:00
spi-ti-qspi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-tle62x0.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-topcliff-pch.c spi : spi-topcliff-pch: Fix to handle empty DMA buffers 2020-04-06 18:20:29 +02:00
spi-txx9.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-xcomm.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-xilinx.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-xlp.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-xtensa-xtfpga.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi-zynqmp-gqspi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spi.c spi: Fix zero length xfer bug 2020-04-06 18:20:33 +02:00
spidev.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30