3.4-stable patches

added patches:
	spi-fix-crash-with-double-message-finalisation-on-error-handling.patch

diff --git a/queue-3.4/series b/queue-3.4/series
index d16a60f77f1b5fe3f77ad9815c7552650bdb9765..51df4d47cba26b74636da13056d65a4fc04aedd1 100644 (file)
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -3,3 +3,4 @@ fs-file.c-fdtable-avoid-triggering-ooms-from-alloc_fdmem.patch
 mac80211-fix-fragmentation-code-particularly-for-encryption.patch
 s390-dump-fix-dump-memory-detection.patch
 s390-fix-kernel-crash-due-to-linkage-stack-instructions.patch
+spi-fix-crash-with-double-message-finalisation-on-error-handling.patch

diff --git a/queue-3.4/spi-fix-crash-with-double-message-finalisation-on-error-handling.patch b/queue-3.4/spi-fix-crash-with-double-message-finalisation-on-error-handling.patch
new file mode 100644 (file)
index 0000000..06a34e2
--- /dev/null
+++ b/queue-3.4/spi-fix-crash-with-double-message-finalisation-on-error-handling.patch
@@ -0,0 +1,45 @@
+From 1f802f8249a0da536877842c43c7204064c4de8b Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
+Date: Tue, 28 Jan 2014 10:33:03 +0100
+Subject: spi: Fix crash with double message finalisation on error handling
+
+From: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
+
+commit 1f802f8249a0da536877842c43c7204064c4de8b upstream.
+
+This reverts commit e120cc0dcf2880a4c5c0a6cb27b655600a1cfa1d.
+
+It causes a NULL pointer dereference with drivers using the generic
+spi_transfer_one_message(), which always calls
+spi_finalize_current_message(), which zeroes master->cur_msg.
+
+Drivers implementing transfer_one_message() theirselves must always call
+spi_finalize_current_message(), even if the transfer failed:
+
+ * @transfer_one_message: the subsystem calls the driver to transfer a single
+ *      message while queuing transfers that arrive in the meantime. When the
+ *      driver is finished with this message, it must call
+ *      spi_finalize_current_message() so the subsystem can issue the next
+ *      transfer
+
+Signed-off-by: Geert Uytterhoeven <geert+renesas@linux-m68k.org>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/spi/spi.c |    4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/spi/spi.c
++++ b/drivers/spi/spi.c
+@@ -572,9 +572,7 @@ static void spi_pump_messages(struct kth
+       ret = master->transfer_one_message(master, master->cur_msg);
+       if (ret) {
+               dev_err(&master->dev,
+-                      "failed to transfer one message from queue: %d\n", ret);
+-              master->cur_msg->status = ret;
+-              spi_finalize_current_message(master);
++                      "failed to transfer one message from queue\n");
+               return;
+       }
+ }