| Age | Commit message (Collapse) | Author |
|---|
|
[ Upstream commit 5caaf29af5ca82d5da8bc1d0ad07d9e664ccf1d8 ]
If spi_register_master fails in spi_bitbang_start
because device_add failure, We should return the
error code other than 0, otherwise calling
spi_bitbang_stop may trigger NULL pointer dereference
like this:
BUG: KASAN: null-ptr-deref in __list_del_entry_valid+0x45/0xd0
Read of size 8 at addr 0000000000000000 by task syz-executor.0/3661
CPU: 0 PID: 3661 Comm: syz-executor.0 Not tainted 5.1.0+ #28
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
dump_stack+0xa9/0x10e
? __list_del_entry_valid+0x45/0xd0
? __list_del_entry_valid+0x45/0xd0
__kasan_report+0x171/0x18d
? __list_del_entry_valid+0x45/0xd0
kasan_report+0xe/0x20
__list_del_entry_valid+0x45/0xd0
spi_unregister_controller+0x99/0x1b0
spi_lm70llp_attach+0x3ae/0x4b0 [spi_lm70llp]
? 0xffffffffc1128000
? klist_next+0x131/0x1e0
? driver_detach+0x40/0x40 [parport]
port_check+0x3b/0x50 [parport]
bus_for_each_dev+0x115/0x180
? subsys_dev_iter_exit+0x20/0x20
__parport_register_driver+0x1f0/0x210 [parport]
? 0xffffffffc1150000
do_one_initcall+0xb9/0x3b5
? perf_trace_initcall_level+0x270/0x270
? kasan_unpoison_shadow+0x30/0x40
? kasan_unpoison_shadow+0x30/0x40
do_init_module+0xe0/0x330
load_module+0x38eb/0x4270
? module_frob_arch_sections+0x20/0x20
? kernel_read_file+0x188/0x3f0
? find_held_lock+0x6d/0xd0
? fput_many+0x1a/0xe0
? __do_sys_finit_module+0x162/0x190
__do_sys_finit_module+0x162/0x190
? __ia32_sys_init_module+0x40/0x40
? __mutex_unlock_slowpath+0xb4/0x3f0
? wait_for_completion+0x240/0x240
? vfs_write+0x160/0x2a0
? lockdep_hardirqs_off+0xb5/0x100
? mark_held_locks+0x1a/0x90
? do_syscall_64+0x14/0x2a0
do_syscall_64+0x72/0x2a0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 702a4879ec33 ("spi: bitbang: Let spi_bitbang_start() take a reference to master")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
Change the bitbang driver to use the generic implementation of
transfer_one_message. This simplifies the bitbang driver code and
provides benefits like the statistics in the generic implementation.
Successfully tested on a IMX6-based system (spi-imx) and on a MIPS-based
router (OpenWRT with spi-ath79).
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
|
|
Remove an unneeded check. The SPI core (__spi_validate) takes care
that these fields are always populated.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
|
|
chipselect (in the case of spi-gpio: spi_gpio_chipselect, which
calls gpiod_set_raw_value_cansleep) can sleep, so we should not
hold a spinlock while calling it from spi_bitbang_setup.
This issue was introduced by this commit, which converted spi-gpio
to cansleep variants:
d9dda5a191 "spi: spi-gpio: Use 'cansleep' variants to access GPIO"
Replacing the lock variable by a mutex fixes the issue: This is
safe as all instances where the lock is used are called from
contexts that can sleep.
Finally, update spi-ppc4xx and and spi-s3c24xx to use mutex
functions, as they directly hold the lock for similar purpose.
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
|
|
Some controller drivers have no need of this callback (spi-altera even
causes a NULL pointer dereference because it doesn't register the callback,
falsely assuming that it is already optional).
Fixes: 30af9b558a56 ("spi/bitbang: Drop empty setup() functions")
Signed-off-by: Pelle Nilsson <per.nilsson@xelmo.com>
Reviewed-by: Ezequiel Garcia <ezequiel.garcia@vanguardiasur.com.ar>
Signed-off-by: Mark Brown <broonie@kernel.org>
|
|
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
|
|
'spi/topic/mpc512x-psc', 'spi/topic/mpc52xx', 'spi/topic/mxs', 'spi/topic/nuc900', 'spi/topic/oc-tiny' and 'spi/topic/octeon' into spi-next
|
|
spi_bitbang_stop() never fails, so make it return void.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
None of these files are actually using any __init type directives
and hence don't need to include <linux/init.h>. Most are just a
left over from __devinit and __cpuinit removal, or simply due to
code getting copied from one driver to the next.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
Fix the following checkpatch warnings
WARNING: sizeof *cs should be sizeof(*cs)
WARNING: please, no space before tabs
WARNING: space prohibited between function name and open parenthesis '('
WARNING: line over 80 characters
Signed-off-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
Many drivers that use bitbang library have a leak on probe error paths.
This is because once a spi_master_get() call succeeds, we need an additional
spi_master_put() call to free the memory.
Fix this issue by moving the code taking a reference to master to
spi_bitbang_start(), so spi_bitbang_start() will take a reference to master on
success. With this change, the caller is responsible for calling
spi_bitbang_stop() to decrement the reference and spi_master_put() as
counterpart of spi_alloc_master() to prevent a memory leak.
So now we have below patten for drivers using bitbang library:
probe:
spi_alloc_master -> Init reference count to 1
spi_bitbang_start -> Increment reference count
remove:
spi_bitbang_stop -> Decrement reference count
spi_master_put -> Decrement reference count (reference count reaches 0)
Fixup all users accordingly.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Suggested-by: Uwe Kleine-Koenig <u.kleine-koenig@pengutronix.de>
Acked-by: Uwe Kleine-Koenig <u.kleine-koenig@pengutronix.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
Pull trivial tree from Jiri Kosina:
"The usual trivial updates all over the tree -- mostly typo fixes and
documentation updates"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (52 commits)
doc: Documentation/cputopology.txt fix typo
treewide: Convert retrun typos to return
Fix comment typo for init_cma_reserved_pageblock
Documentation/trace: Correcting and extending tracepoint documentation
mm/hotplug: fix a typo in Documentation/memory-hotplug.txt
power: Documentation: Update s2ram link
doc: fix a typo in Documentation/00-INDEX
Documentation/printk-formats.txt: No casts needed for u64/s64
doc: Fix typo "is is" in Documentations
treewide: Fix printks with 0x%#
zram: doc fixes
Documentation/kmemcheck: update kmemcheck documentation
doc: documentation/hwspinlock.txt fix typo
PM / Hibernate: add section for resume options
doc: filesystems : Fix typo in Documentations/filesystems
scsi/megaraid fixed several typos in comments
ppc: init_32: Fix error typo "CONFIG_START_KERNEL"
treewide: Add __GFP_NOWARN to k.alloc calls with v.alloc fallbacks
page_isolation: Fix a comment typo in test_pages_isolated()
doc: fix a typo about irq affinity
...
|
|
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
|
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
It's perfectly valid not to have a setup callback when the probe routine
does all the needed things. So don't even check for this case and trust
the caller.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
Since commit 2025172e3 (spi/bitbang: Use core message pump), the following
kernel crash is seen:
Unable to handle kernel NULL pointer dereference at virtual address 0000000d
pgd = 80004000
[0000000d] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in:
CPU: 1 PID: 48 Comm: spi32766 Not tainted 3.11.0-rc1+ #4
task: bfa3e580 ti: bfb90000 task.ti: bfb90000
PC is at spi_bitbang_transfer_one+0x50/0x248
LR is at spi_bitbang_transfer_one+0x20/0x248
...
,and also the following build warning:
drivers/spi/spi-bitbang.c: In function 'spi_bitbang_start':
drivers/spi/spi-bitbang.c:436:31: warning: assignment from incompatible pointer type [enabled by default]
In order to fix it, we need to change the first parameter of
spi_bitbang_transfer_one() to 'struct spi_master *master'.
Tested on a mx6qsabrelite by succesfully probing a SPI NOR flash.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
Convert drivers using bitbang to use the core mesasge pump infrastructure,
saving some code and meaning that these drivers get to take advantage of
work done on improving the core implementation.
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
In order to make it easier to convert to transfer_one_message() lift the
code that does the actual message transfer out of the work function that
implements the message pump. This should have no functional impact, it's
just a simple code motion patch.
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
Currently no drivers use the ability to override spi_bitbang_transfer()
and if any started this would make it harder to convert the bitbang code
to use transfer_one_message() so remove the export in order to prevent
anyone starting.
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/misc.git
Minor features and bug fixes for PXA, OMAP and GPIO deivce drivers and a
cosmetic change to the bitbang driver.
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
|
|
The spi core make sure that each transfer structure have the proper
setting for bits_per_word before calling low level transfer APIs.
Hence it is no more require to check again in low level driver for
this field whether this is set correct or not. Removing such code
from low level driver.
The txx9 change also removes a test for bits_per_word set to 0, and
forcing it to 8 in that case. This can also be removed now since
spi_setup() ensures spi->bits_per_word is not zero.
if (!spi->bits_per_word)
spi->bits_per_word = 8;
Signed-off-by: Laxman Dewangan <ldewangan@nvidia.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
|
|
Add a pointer variable to make spi_bitbang_start() look simpler.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
|
|
Use a proper list iterator instead of an open-coded loop and remove a
superfluous list head initialisation.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
|
|
This patch makes a loop look cleaner by replacing a "break" and a "continue"
in its body by a single "if".
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
|
|
We are clipping down the presence of module.h, since it was
everywhere. If you really need it, you better call it out,
as per this changeset.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
|
|
Sort the SPI makefile and enforce the naming convention spi_*.c for
spi drivers.
This change also rolls the contents of atmel_spi.h into the .c file
since there is only one user of that particular include file.
v2: - Use 'spi-' prefix instead of 'spi_' to match what seems to be
be the predominant pattern for subsystem prefixes.
- Clean up filenames in Kconfig and header comment blocks
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
|
