evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/spi
History
YueHaibing 05d6e618f6 spi: bitbang: Fix NULL pointer dereference in spi_unregister_master 
[ Upstream commit 5caaf29af5ca82d5da8bc1d0ad07d9e664ccf1d8 ]

If spi_register_master fails in spi_bitbang_start
because device_add failure, We should return the
error code other than 0, otherwise calling
spi_bitbang_stop may trigger NULL pointer dereference
like this:

BUG: KASAN: null-ptr-deref in __list_del_entry_valid+0x45/0xd0
Read of size 8 at addr 0000000000000000 by task syz-executor.0/3661

CPU: 0 PID: 3661 Comm: syz-executor.0 Not tainted 5.1.0+ #28
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
 dump_stack+0xa9/0x10e
 ? __list_del_entry_valid+0x45/0xd0
 ? __list_del_entry_valid+0x45/0xd0
 __kasan_report+0x171/0x18d
 ? __list_del_entry_valid+0x45/0xd0
 kasan_report+0xe/0x20
 __list_del_entry_valid+0x45/0xd0
 spi_unregister_controller+0x99/0x1b0
 spi_lm70llp_attach+0x3ae/0x4b0 [spi_lm70llp]
 ? 0xffffffffc1128000
 ? klist_next+0x131/0x1e0
 ? driver_detach+0x40/0x40 [parport]
 port_check+0x3b/0x50 [parport]
 bus_for_each_dev+0x115/0x180
 ? subsys_dev_iter_exit+0x20/0x20
 __parport_register_driver+0x1f0/0x210 [parport]
 ? 0xffffffffc1150000
 do_one_initcall+0xb9/0x3b5
 ? perf_trace_initcall_level+0x270/0x270
 ? kasan_unpoison_shadow+0x30/0x40
 ? kasan_unpoison_shadow+0x30/0x40
 do_init_module+0xe0/0x330
 load_module+0x38eb/0x4270
 ? module_frob_arch_sections+0x20/0x20
 ? kernel_read_file+0x188/0x3f0
 ? find_held_lock+0x6d/0xd0
 ? fput_many+0x1a/0xe0
 ? __do_sys_finit_module+0x162/0x190
 __do_sys_finit_module+0x162/0x190
 ? __ia32_sys_init_module+0x40/0x40
 ? __mutex_unlock_slowpath+0xb4/0x3f0
 ? wait_for_completion+0x240/0x240
 ? vfs_write+0x160/0x2a0
 ? lockdep_hardirqs_off+0xb5/0x100
 ? mark_held_locks+0x1a/0x90
 ? do_syscall_64+0x14/0x2a0
 do_syscall_64+0x72/0x2a0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 702a4879ec ("spi: bitbang: Let spi_bitbang_start() take a reference to master")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-07-10 09:56:39 +02:00
..
Kconfig Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" 2017-12-16 10:33:50 +01:00
Makefile spi: bcm2835aux: add bcm2835 auxiliary spi device driver 2015-10-07 11:42:57 +01:00
spi-adi-v3.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-altera.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-ath79.c spi: ath79: simplify iomem resource mapping 2015-09-30 20:33:29 +01:00
spi-atmel.c spi: atmel: fixed spin_lock usage inside atmel_spi_remove 2018-03-03 10:19:42 +01:00
spi-au1550.c spi: au1550: Simplify au1550_spi_setupxfer() 2015-09-16 20:54:54 +01:00
spi-bcm53xx.c spi: bcm53xx: Adjust devm usage 2015-09-16 17:42:28 +01:00
spi-bcm53xx.h spi: bcm53xx: driver for SPI controller on Broadcom bcma SoC 2014-08-19 11:30:55 -05:00
spi-bcm63xx-hsspi.c spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() 2018-11-10 07:41:39 -08:00
spi-bcm63xx.c spi/bcm63xx: fix error return code in bcm63xx_spi_probe() 2018-11-10 07:41:40 -08:00
spi-bcm2835.c spi: bcm2835: Unbreak the build of esoteric configs 2019-01-13 10:05:31 +01:00
spi-bcm2835aux.c spi: bcm2835aux: change initialization order and switch to platform_get_irq 2015-10-16 15:35:33 +01:00
spi-bfin-sport.c spi: bfin-sport: Calculate transfer speed unconditionally 2015-09-16 20:53:45 +01:00
spi-bfin5xx.c spi: spi-bfin5xx: Calculate transfer speed unconditionally 2015-09-16 20:54:32 +01:00
spi-bitbang-txrx.h spi: Fix regression in spi-bitbang-txrx.h 2015-07-29 15:01:07 +01:00
spi-bitbang.c spi: bitbang: Fix NULL pointer dereference in spi_unregister_master 2019-07-10 09:56:39 +02:00
spi-butterfly.c spi: Remove FSF mailing addresses 2014-12-22 15:32:42 +00:00
spi-cadence.c Merge remote-tracking branches 'spi/topic/atmel', 'spi/topic/cadence', 'spi/topic/dw' and 'spi/topic/fsl-cpm' into spi-next 2014-12-08 12:17:12 +00:00
spi-clps711x.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-coldfire-qspi.c spi: spi-coldfire-qspi: enable RuntimePM before registering to the core 2015-10-12 17:02:08 +01:00
spi-davinci.c spi: davinci: fix a NULL pointer dereference 2018-09-09 20:04:32 +02:00
spi-dln2.c spi/dln2: simplify return flow for dln2_spi_transfer_setup and dln2_spi_enable 2015-01-06 17:02:50 +00:00
spi-dw-mid.c spi: dw-spi: Convert 16bit accesses to 32bit accesses 2015-03-17 12:27:09 +00:00
spi-dw-mmio.c spi: dw: Disable clock after unregistering the host 2018-03-24 10:58:41 +01:00
spi-dw-pci.c spi: dw-pci: remove unused pdev member from struct dw_spi_pci 2015-10-19 20:32:01 +01:00
spi-dw.c spi: dw: Make debugfs name unique between instances 2017-08-06 19:19:44 -07:00
spi-dw.h spi: dw: introduce spi_shutdown_chip() 2015-10-19 20:32:01 +01:00
spi-efm32.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-ep93xx.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-falcon.c Merge remote-tracking branches 'spi/topic/falcon', 'spi/topic/fsf', 'spi/topic/fsl', 'spi/topic/fsl-dspi' and 'spi/topic/gpio' into spi-next 2015-02-08 11:16:46 +08:00
spi-fsl-cpm.c spi: fsl-spi: fix devm_ioremap_resource() error case 2015-04-24 13:27:53 +01:00
spi-fsl-cpm.h
spi-fsl-dspi.c spi: spi-fsl-dspi: Drop extra spi_master_put in device remove function 2016-10-31 04:13:59 -06:00
spi-fsl-espi.c spi: fsl-(e)spi: Fix checking return value of devm_ioremap_resource 2015-08-30 12:14:36 +01:00
spi-fsl-lib.c spi: fsl-(e)spi: simplify cleanup code 2015-08-28 18:15:18 +01:00
spi-fsl-lib.h spi: fsl-(e)spi: simplify cleanup code 2015-08-28 18:15:18 +01:00
spi-fsl-spi.c spi: fsl-(e)spi: Fix checking return value of devm_ioremap_resource 2015-08-30 12:14:36 +01:00
spi-fsl-spi.h
spi-gpio.c Merge remote-tracking branches 'spi/topic/falcon', 'spi/topic/fsf', 'spi/topic/fsl', 'spi/topic/fsl-dspi' and 'spi/topic/gpio' into spi-next 2015-02-08 11:16:46 +08:00
spi-img-spfi.c Merge remote-tracking branches 'spi/topic/dw', 'spi/topic/fsl-espi', 'spi/topic/img-spfi' and 'spi/topic/mpc512x-psc' into spi-next 2015-08-31 14:45:32 +01:00
spi-imx.c spi: imx: do not access registers while clocks disabled 2018-02-03 17:04:31 +01:00
spi-lm70llp.c spi: Remove FSF mailing addresses 2014-12-22 15:32:42 +00:00
spi-meson-spifc.c spi: meson: Fix module autoload for OF platform driver 2015-09-19 07:55:25 -07:00
spi-mpc52xx-psc.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-mpc52xx.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-mpc512x-psc.c spi: mpc512x: Call mpc512x_psc_spi_transfer_setup() unconditionally 2015-09-17 12:33:31 +01:00
spi-mt65xx.c spi: mediatek: single device does not require cs_gpios 2015-11-16 17:44:57 +00:00
spi-mxs.c spi: mxs: cleanup wait_for_completion return handling 2015-02-05 18:04:57 +00:00
spi-nuc900.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-oc-tiny.c spi: oc-tiny: Use of_property_read_u32 instead of open-coding it 2015-09-16 19:16:01 +01:00
spi-octeon.c spi: octeon: Use transfer speed unconditionally 2015-09-16 20:53:19 +01:00
spi-omap-100k.c spi: omap-100k: Rely on validations done by spi core 2015-09-17 12:34:20 +01:00
spi-omap-uwire.c spi: omap-uwire: Remove needless bits_per_word and speed_hz tests 2015-09-17 12:33:58 +01:00
spi-omap2-mcspi.c spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer 2018-03-22 09:23:22 +01:00
spi-orion.c spi: mvebu: fix baudrate calculation for armada variant 2017-01-15 13:41:36 +01:00
spi-pl022.c spi: pl022: handle EPROBE_DEFER for dma 2015-11-23 11:31:44 +00:00
spi-ppc4xx.c spi: bitbang: Replace spinlock by mutex 2015-09-17 12:13:40 +01:00
spi-pxa2xx-dma.c spi: pxa2xx: Remove empty function pxa2xx_spi_dma_resume() 2015-10-01 17:26:27 +01:00
spi-pxa2xx-pci.c spi: spi-pxa2xx: Remove clk.h include 2015-07-15 12:35:02 +01:00
spi-pxa2xx.c dmaengine: idma64: Use actual device for DMA transfers 2019-06-22 08:18:21 +02:00
spi-pxa2xx.h spi: pxa2xx: Allow 64-bit DMA 2018-05-26 08:48:52 +02:00
spi-qup.c Merge remote-tracking branches 'spi/topic/qup', 'spi/topic/rockchip', 'spi/topic/rspi', 'spi/topic/s3c64xx' and 'spi/topic/sc18is602' into spi-next 2015-04-11 23:09:25 +01:00
spi-rb4xx.c spi: rb4xx: Fix checking return value of devm_ioremap_resource() 2015-05-01 17:35:54 +01:00
spi-rockchip.c spi/rockchip: Make sure spi clk is on in rockchip_spi_set_cs 2016-05-04 14:48:50 -07:00
spi-rspi.c spi: rspi: Fix sequencer reset during initialization 2019-06-11 12:24:06 +02:00
spi-s3c24xx-fiq.h
spi-s3c24xx-fiq.S
spi-s3c24xx.c spi: bitbang: Replace spinlock by mutex 2015-09-17 12:13:40 +01:00
spi-s3c64xx.c spi: s3c64xx: Use transfer speed unconditionally 2015-09-16 20:53:04 +01:00
spi-sc18is602.c Merge remote-tracking branches 'spi/topic/qup', 'spi/topic/rockchip', 'spi/topic/rspi', 'spi/topic/s3c64xx' and 'spi/topic/sc18is602' into spi-next 2015-04-11 23:09:25 +01:00
spi-sh-hspi.c spi: Remove FSF mailing addresses 2014-12-22 15:32:42 +00:00
spi-sh-msiof.c spi: sh-msiof: Fix handling of write value for SISTR register 2018-10-10 08:52:07 +02:00
spi-sh-sci.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-sh.c spi: Remove FSF mailing addresses 2014-12-22 15:32:42 +00:00
spi-sirf.c spi: sirf: add the reset for USP-based SPI 2015-05-26 11:39:16 +01:00
spi-st-ssc4.c spi: constify of_device_id array 2015-03-17 12:15:22 +00:00
spi-sun4i.c spi: sun4i: disable clocks in the remove function 2018-02-25 11:03:41 +01:00
spi-sun6i.c spi: sun6i: disable/unprepare clocks on remove 2018-03-22 09:23:28 +01:00
spi-tegra20-sflash.c spi: drop owner assignment from platform_drivers 2014-10-20 16:21:36 +02:00
spi-tegra20-slink.c spi: tegra20-slink: explicitly enable/disable clock 2018-10-10 08:52:07 +02:00
spi-tegra114.c spi: tegra114: reset controller on probe 2019-06-11 12:24:04 +02:00
spi-ti-qspi.c spi: spi-ti-qspi: Handle truncated frames properly 2016-05-18 17:06:47 -07:00
spi-tle62x0.c spi: Drop owner assignment from spi_drivers 2015-10-28 10:30:17 +09:00
spi-topcliff-pch.c spi : spi-topcliff-pch: Fix to handle empty DMA buffers 2019-06-11 12:24:05 +02:00
spi-txx9.c spi: txx9: Use transfer speed unconditionally 2015-09-16 20:52:52 +01:00
spi-xcomm.c spi: xcomm: Export I2C module alias information 2015-07-31 18:14:57 +01:00
spi-xilinx.c spi: xilinx: Detect stall with Unknown commands 2018-01-02 20:33:21 +01:00
spi-xlp.c spi: xlp: fix error return code in xlp_spi_probe() 2018-11-10 07:41:40 -08:00
spi-xtensa-xtfpga.c spi: xtensa-xtfpga: fix register endianness 2015-09-22 09:30:10 -07:00
spi-zynqmp-gqspi.c spi: zynq: missing break statement 2015-07-07 19:47:50 +01:00
spi.c spi: Fix zero length xfer bug 2019-06-11 12:24:06 +02:00
spidev.c spi: spidev: Hold spi_lock over all defererences of spi in release() 2015-12-16 12:09:35 +00:00