Commit ff61eb42 authored by Geert Uytterhoeven's avatar Geert Uytterhoeven Committed by Mark Brown

spi: Make master->handle_err() callback optional to avoid crashes

If a driver doesn't implement the master->handle_err() callback and an
SPI transfer fails, the kernel will crash with a NULL pointer
dereference:

    Unable to handle kernel NULL pointer dereference at virtual address 00000000
    pgd = c0003000
    [00000000] *pgd=80000040004003, *pmd=00000000
    Internal error: Oops: 80000206 [#1] SMP ARM
    Modules linked in:
    CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.0.0-rc7-koelsch-05861-g1fc9fdd4add4f783 #1046
    Hardware name: Generic R8A7791 (Flattened Device Tree)
    task: eec359c0 ti: eec54000 task.ti: eec54000
    PC is at 0x0
    LR is at spi_transfer_one_message+0x1cc/0x1f0

Make the master->handle_err() callback optional to avoid the crash.

Also fix a spelling mistake in the callback documentation while we're at
it.

Fixes: b716c4ff ("spi: introduce master->handle_err() callback")
Signed-off-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: default avatarMark Brown <broonie@kernel.org>
parent b716c4ff
...@@ -851,7 +851,7 @@ static int spi_transfer_one_message(struct spi_master *master, ...@@ -851,7 +851,7 @@ static int spi_transfer_one_message(struct spi_master *master,
if (msg->status == -EINPROGRESS) if (msg->status == -EINPROGRESS)
msg->status = ret; msg->status = ret;
if (msg->status) if (msg->status && master->handle_err)
master->handle_err(master, msg); master->handle_err(master, msg);
spi_finalize_current_message(master); spi_finalize_current_message(master);
......
...@@ -294,7 +294,7 @@ static inline void spi_unregister_driver(struct spi_driver *sdrv) ...@@ -294,7 +294,7 @@ static inline void spi_unregister_driver(struct spi_driver *sdrv)
* transfer_one_message are mutually exclusive; when both * transfer_one_message are mutually exclusive; when both
* are set, the generic subsystem does not call your * are set, the generic subsystem does not call your
* transfer_one callback. * transfer_one callback.
* @handle_err: the subsystem calls the driver to handle and error that occurs * @handle_err: the subsystem calls the driver to handle an error that occurs
* in the generic implementation of transfer_one_message(). * in the generic implementation of transfer_one_message().
* @unprepare_message: undo any work done by prepare_message(). * @unprepare_message: undo any work done by prepare_message().
* @cs_gpios: Array of GPIOs to use as chip select lines; one per CS * @cs_gpios: Array of GPIOs to use as chip select lines; one per CS
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment