[PATCH] spi: Avoid calling spi_slave_abort() with kfreed spidev

From: Lukasz Majewski
Date: Tue Oct 01 2019 - 05:07:18 EST


Call spi_slave_abort() only when spidev->spi is not NULL and the
spidev structure hasn't already been kfreed.

Reported-by: kbuild test robot <lkp@xxxxxxxxx>
Reported-by: Julia Lawall <julia.lawall@xxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Lukasz Majewski <lukma@xxxxxxx>

---
This fix applies on:
repo: https://kernel.googlesource.com/pub/scm/linux/kernel/git/broonie/spi.git
branch: for-5.4
SHA1: 6b04e47b73f2a0d2c330cecca99f8e2cb8f85b34
---
drivers/spi/spidev.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c
index 3ea9d8a3e6e8..2c6d4dbeebac 100644
--- a/drivers/spi/spidev.c
+++ b/drivers/spi/spidev.c
@@ -600,15 +600,16 @@ static int spidev_open(struct inode *inode, struct file *filp)
static int spidev_release(struct inode *inode, struct file *filp)
{
struct spidev_data *spidev;
+ int dofree;

mutex_lock(&device_list_lock);
spidev = filp->private_data;
filp->private_data = NULL;
+ dofree = 0;

/* last close? */
spidev->users--;
if (!spidev->users) {
- int dofree;

kfree(spidev->tx_buffer);
spidev->tx_buffer = NULL;
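Review bot: `dofree` is declared at the top of spidev_release() and only given its value a few statements later, after the mutex is taken; writing `int dofree = 0;` at the declaration would keep the initial value next to the variable and make it plain that the flag is defined on the path that skips the last-close block. Dropping the old declaration also leaves a blank line directly after `if (!spidev->users) {`, which kernel style discourages. The function body continues outside the hunk.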
@@ -628,7 +629,8 @@ static int spidev_release(struct inode *inode, struct file *filp)
kfree(spidev);
}
#ifdef CONFIG_SPI_SLAVE
- spi_slave_abort(spidev->spi);
+ if (!dofree)
+ spi_slave_abort(spidev->spi);
#endif
mutex_unlock(&device_list_lock);

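Review bot: On a close that is not the last one, `dofree` keeps the 0 assigned at the top of spidev_release(), so `spi_slave_abort(spidev->spi)` still runs with no check that `spidev->spi` is non-NULL, although the description promises that check. The assignment that sets `dofree` is outside the visible lines; it presumably sits inside the `if (!spidev->users)` block, in which case the flag says nothing about the pointer on the other path. If the device can be unbound while other file handles remain open, the call would be handed a NULL pointer. Guarding with `if (!dofree && spidev->spi)`, with the read done under whichever lock protects `spidev->spi`, or computing `dofree` before the last-close test, would cover both paths. The body of spidev_release() continues outside the hunk.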
--
2.20.1