evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/spi
History
YueHaibing 05d6e618f6 spi: bitbang: Fix NULL pointer dereference in spi_unregister_master 
[ Upstream commit 5caaf29af5ca82d5da8bc1d0ad07d9e664ccf1d8 ]

If spi_register_master fails in spi_bitbang_start
because device_add failure, We should return the
error code other than 0, otherwise calling
spi_bitbang_stop may trigger NULL pointer dereference
like this:

BUG: KASAN: null-ptr-deref in __list_del_entry_valid+0x45/0xd0
Read of size 8 at addr 0000000000000000 by task syz-executor.0/3661

CPU: 0 PID: 3661 Comm: syz-executor.0 Not tainted 5.1.0+ #28
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
 dump_stack+0xa9/0x10e
 ? __list_del_entry_valid+0x45/0xd0
 ? __list_del_entry_valid+0x45/0xd0
 __kasan_report+0x171/0x18d
 ? __list_del_entry_valid+0x45/0xd0
 kasan_report+0xe/0x20
 __list_del_entry_valid+0x45/0xd0
 spi_unregister_controller+0x99/0x1b0
 spi_lm70llp_attach+0x3ae/0x4b0 [spi_lm70llp]
 ? 0xffffffffc1128000
 ? klist_next+0x131/0x1e0
 ? driver_detach+0x40/0x40 [parport]
 port_check+0x3b/0x50 [parport]
 bus_for_each_dev+0x115/0x180
 ? subsys_dev_iter_exit+0x20/0x20
 __parport_register_driver+0x1f0/0x210 [parport]
 ? 0xffffffffc1150000
 do_one_initcall+0xb9/0x3b5
 ? perf_trace_initcall_level+0x270/0x270
 ? kasan_unpoison_shadow+0x30/0x40
 ? kasan_unpoison_shadow+0x30/0x40
 do_init_module+0xe0/0x330
 load_module+0x38eb/0x4270
 ? module_frob_arch_sections+0x20/0x20
 ? kernel_read_file+0x188/0x3f0
 ? find_held_lock+0x6d/0xd0
 ? fput_many+0x1a/0xe0
 ? __do_sys_finit_module+0x162/0x190
 __do_sys_finit_module+0x162/0x190
 ? __ia32_sys_init_module+0x40/0x40
 ? __mutex_unlock_slowpath+0xb4/0x3f0
 ? wait_for_completion+0x240/0x240
 ? vfs_write+0x160/0x2a0
 ? lockdep_hardirqs_off+0xb5/0x100
 ? mark_held_locks+0x1a/0x90
 ? do_syscall_64+0x14/0x2a0
 do_syscall_64+0x72/0x2a0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 702a4879ec ("spi: bitbang: Let spi_bitbang_start() take a reference to master")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-07-10 09:56:39 +02:00
..
Kconfig Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" 2017-12-16 10:33:50 +01:00
Makefile
spi-adi-v3.c
spi-altera.c
spi-ath79.c
spi-atmel.c spi: atmel: fixed spin_lock usage inside atmel_spi_remove 2018-03-03 10:19:42 +01:00
spi-au1550.c
spi-bcm53xx.c
spi-bcm53xx.h
spi-bcm63xx-hsspi.c spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() 2018-11-10 07:41:39 -08:00
spi-bcm63xx.c spi/bcm63xx: fix error return code in bcm63xx_spi_probe() 2018-11-10 07:41:40 -08:00
spi-bcm2835.c spi: bcm2835: Unbreak the build of esoteric configs 2019-01-13 10:05:31 +01:00
spi-bcm2835aux.c
spi-bfin-sport.c
spi-bfin5xx.c
spi-bitbang-txrx.h
spi-bitbang.c spi: bitbang: Fix NULL pointer dereference in spi_unregister_master 2019-07-10 09:56:39 +02:00
spi-butterfly.c
spi-cadence.c
spi-clps711x.c
spi-coldfire-qspi.c
spi-davinci.c spi: davinci: fix a NULL pointer dereference 2018-09-09 20:04:32 +02:00
spi-dln2.c
spi-dw-mid.c
spi-dw-mmio.c spi: dw: Disable clock after unregistering the host 2018-03-24 10:58:41 +01:00
spi-dw-pci.c
spi-dw.c spi: dw: Make debugfs name unique between instances 2017-08-06 19:19:44 -07:00
spi-dw.h
spi-efm32.c
spi-ep93xx.c
spi-falcon.c
spi-fsl-cpm.c
spi-fsl-cpm.h
spi-fsl-dspi.c spi: spi-fsl-dspi: Drop extra spi_master_put in device remove function 2016-10-31 04:13:59 -06:00
spi-fsl-espi.c
spi-fsl-lib.c
spi-fsl-lib.h
spi-fsl-spi.c
spi-fsl-spi.h
spi-gpio.c
spi-img-spfi.c
spi-imx.c spi: imx: do not access registers while clocks disabled 2018-02-03 17:04:31 +01:00
spi-lm70llp.c
spi-meson-spifc.c
spi-mpc52xx-psc.c
spi-mpc52xx.c
spi-mpc512x-psc.c
spi-mt65xx.c
spi-mxs.c
spi-nuc900.c
spi-oc-tiny.c
spi-octeon.c
spi-omap-100k.c
spi-omap-uwire.c
spi-omap2-mcspi.c spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer 2018-03-22 09:23:22 +01:00
spi-orion.c spi: mvebu: fix baudrate calculation for armada variant 2017-01-15 13:41:36 +01:00
spi-pl022.c
spi-ppc4xx.c
spi-pxa2xx-dma.c
spi-pxa2xx-pci.c
spi-pxa2xx.c dmaengine: idma64: Use actual device for DMA transfers 2019-06-22 08:18:21 +02:00
spi-pxa2xx.h spi: pxa2xx: Allow 64-bit DMA 2018-05-26 08:48:52 +02:00
spi-qup.c
spi-rb4xx.c
spi-rockchip.c
spi-rspi.c spi: rspi: Fix sequencer reset during initialization 2019-06-11 12:24:06 +02:00
spi-s3c24xx-fiq.h
spi-s3c24xx-fiq.S
spi-s3c24xx.c
spi-s3c64xx.c
spi-sc18is602.c
spi-sh-hspi.c
spi-sh-msiof.c spi: sh-msiof: Fix handling of write value for SISTR register 2018-10-10 08:52:07 +02:00
spi-sh-sci.c
spi-sh.c
spi-sirf.c
spi-st-ssc4.c
spi-sun4i.c spi: sun4i: disable clocks in the remove function 2018-02-25 11:03:41 +01:00
spi-sun6i.c spi: sun6i: disable/unprepare clocks on remove 2018-03-22 09:23:28 +01:00
spi-tegra20-sflash.c
spi-tegra20-slink.c spi: tegra20-slink: explicitly enable/disable clock 2018-10-10 08:52:07 +02:00
spi-tegra114.c spi: tegra114: reset controller on probe 2019-06-11 12:24:04 +02:00
spi-ti-qspi.c
spi-tle62x0.c
spi-topcliff-pch.c spi : spi-topcliff-pch: Fix to handle empty DMA buffers 2019-06-11 12:24:05 +02:00
spi-txx9.c
spi-xcomm.c
spi-xilinx.c spi: xilinx: Detect stall with Unknown commands 2018-01-02 20:33:21 +01:00
spi-xlp.c spi: xlp: fix error return code in xlp_spi_probe() 2018-11-10 07:41:40 -08:00
spi-xtensa-xtfpga.c
spi-zynqmp-gqspi.c
spi.c spi: Fix zero length xfer bug 2019-06-11 12:24:06 +02:00
spidev.c