3.13-stable patches

added patches:
	spi-fix-crash-with-double-message-finalisation-on-error-handling.patch

diff --git a/queue-3.13/series b/queue-3.13/series
index fd00d4813449f098f603712c5447bbc06e4a0475..77394438539f2ed0371773655347ba5ce577786c 100644 (file)
--- a/queue-3.13/series
+++ b/queue-3.13/series
@@ -18,3 +18,4 @@ ar5523-fix-usb-id-for-gigaset.patch
 s390-dump-fix-dump-memory-detection.patch
 s390-fix-kernel-crash-due-to-linkage-stack-instructions.patch
 nl80211-reset-split_start-when-netlink-skb-is-exhausted.patch
+spi-fix-crash-with-double-message-finalisation-on-error-handling.patch

diff --git a/queue-3.13/spi-fix-crash-with-double-message-finalisation-on-error-handling.patch b/queue-3.13/spi-fix-crash-with-double-message-finalisation-on-error-handling.patch
new file mode 100644 (file)
index 0000000..e571496
--- /dev/null
+++ b/queue-3.13/spi-fix-crash-with-double-message-finalisation-on-error-handling.patch
@@ -0,0 +1,45 @@
+From 1f802f8249a0da536877842c43c7204064c4de8b Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
+Date: Tue, 28 Jan 2014 10:33:03 +0100
+Subject: spi: Fix crash with double message finalisation on error handling
+
+From: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
+
+commit 1f802f8249a0da536877842c43c7204064c4de8b upstream.
+
+This reverts commit e120cc0dcf2880a4c5c0a6cb27b655600a1cfa1d.
+
+It causes a NULL pointer dereference with drivers using the generic
+spi_transfer_one_message(), which always calls
+spi_finalize_current_message(), which zeroes master->cur_msg.
+
+Drivers implementing transfer_one_message() theirselves must always call
+spi_finalize_current_message(), even if the transfer failed:
+
+ * @transfer_one_message: the subsystem calls the driver to transfer a single
+ *      message while queuing transfers that arrive in the meantime. When the
+ *      driver is finished with this message, it must call
+ *      spi_finalize_current_message() so the subsystem can issue the next
+ *      transfer
+
+Signed-off-by: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/spi/spi.c |    4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/spi/spi.c
++++ b/drivers/spi/spi.c
+@@ -735,9 +735,7 @@ static void spi_pump_messages(struct kth
+       ret = master->transfer_one_message(master, master->cur_msg);
+       if (ret) {
+               dev_err(&master->dev,
+-                      "failed to transfer one message from queue: %d\n", ret);
+-              master->cur_msg->status = ret;
+-              spi_finalize_current_message(master);
++                      "failed to transfer one message from queue\n");
+               return;
+       }
+ }