From: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
Date: Tue, 28 Jan 2014 09:33:03 +0000 (+0100)
Subject: spi: Fix crash with double message finalisation on error handling
X-Git-Tag: v3.14-rc3~30^2~1^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1f802f8249a0da536877842c43c7204064c4de8b;p=platform%2Fkernel%2Flinux-exynos.git

spi: Fix crash with double message finalisation on error handling

This reverts commit e120cc0dcf2880a4c5c0a6cb27b655600a1cfa1d.

It causes a NULL pointer dereference with drivers using the generic
spi_transfer_one_message(), which always calls
spi_finalize_current_message(), which zeroes master->cur_msg.

Drivers implementing transfer_one_message() theirselves must always call
spi_finalize_current_message(), even if the transfer failed:

 * @transfer_one_message: the subsystem calls the driver to transfer a single
 *      message while queuing transfers that arrive in the meantime. When the
 *      driver is finished with this message, it must call
 *      spi_finalize_current_message() so the subsystem can issue the next
 *      transfer

Signed-off-by: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
Signed-off-by: Mark Brown <broonie@linaro.org>
---

diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 63613a9..26f4afd 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -745,9 +745,7 @@ static void spi_pump_messages(struct kthread_work *work)
 	ret = master->transfer_one_message(master, master->cur_msg);
 	if (ret) {
 		dev_err(&master->dev,
-			"failed to transfer one message from queue: %d\n", ret);
-		master->cur_msg->status = ret;
-		spi_finalize_current_message(master);
+			"failed to transfer one message from queue\n");
 		return;
 	}
 }