From: Sasha Levin Date: Mon, 4 Dec 2023 19:50:16 +0000 (-0500) Subject: Drop spi-fix-null-dereference-on-suspend.patch-13256 X-Git-Tag: v4.14.332~23^2~23 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3438adefb6012cde7e5f33e676487f1126445554;p=thirdparty%2Fkernel%2Fstable-queue.git Drop spi-fix-null-dereference-on-suspend.patch-13256 Signed-off-by: Sasha Levin --- diff --git a/queue-6.1/series b/queue-6.1/series index b2129c05454..d94c6f2630c 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -92,7 +92,6 @@ iommu-vt-d-add-device_block_translation-helper.patch iommu-vt-d-disable-pci-ats-in-legacy-passthrough-mod.patch iommu-vt-d-make-context-clearing-consistent-with-con.patch drm-amd-pm-fix-a-memleak-in-aldebaran_tables_init.patch -spi-fix-null-dereference-on-suspend.patch-13256 drm-amd-display-restore-rptr-wptr-for-dmcub-as-worka.patch-32587 drm-amd-display-guard-against-invalid-rptr-wptr-bein.patch-19687 cpufreq-imx6q-don-t-warn-for-disabling-a-non-existin.patch-8216 diff --git a/queue-6.1/spi-fix-null-dereference-on-suspend.patch-13256 b/queue-6.1/spi-fix-null-dereference-on-suspend.patch-13256 deleted file mode 100644 index 1397b0e356d..00000000000 --- a/queue-6.1/spi-fix-null-dereference-on-suspend.patch-13256 +++ /dev/null @@ -1,153 +0,0 @@ -From d817e2fd7ff98ee3f819cf0c5c7f81c5da26a904 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 7 Nov 2023 14:47:43 -0700 -Subject: spi: Fix null dereference on suspend - -From: Mark Hasemeyer - -[ Upstream commit bef4a48f4ef798c4feddf045d49e53c8a97d5e37 ] - -A race condition exists where a synchronous (noqueue) transfer can be -active during a system suspend. This can cause a null pointer -dereference exception to occur when the system resumes. - -Example order of events leading to the exception: -1. spi_sync() calls __spi_transfer_message_noqueue() which sets - ctlr->cur_msg -2. Spi transfer begins via spi_transfer_one_message() -3. System is suspended interrupting the transfer context -4. System is resumed -6. spi_controller_resume() calls spi_start_queue() which resets cur_msg - to NULL -7. Spi transfer context resumes and spi_finalize_current_message() is - called which dereferences cur_msg (which is now NULL) - -Wait for synchronous transfers to complete before suspending by -acquiring the bus mutex and setting/checking a suspend flag. - -Signed-off-by: Mark Hasemeyer -Link: https://lore.kernel.org/r/20231107144743.v1.1.I7987f05f61901f567f7661763646cb7d7919b528@changeid -Signed-off-by: Mark Brown -Cc: stable@kernel.org -Signed-off-by: Sasha Levin ---- - drivers/spi/spi.c | 56 ++++++++++++++++++++++++++++------------- - include/linux/spi/spi.h | 1 + - 2 files changed, 40 insertions(+), 17 deletions(-) - -diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 151fef199c380..5d046be8b2dd5 100644 ---- a/drivers/spi/spi.c -+++ b/drivers/spi/spi.c -@@ -3299,33 +3299,52 @@ void spi_unregister_controller(struct spi_controller *ctlr) - } - EXPORT_SYMBOL_GPL(spi_unregister_controller); - -+static inline int __spi_check_suspended(const struct spi_controller *ctlr) -+{ -+ return ctlr->flags & SPI_CONTROLLER_SUSPENDED ? -ESHUTDOWN : 0; -+} -+ -+static inline void __spi_mark_suspended(struct spi_controller *ctlr) -+{ -+ mutex_lock(&ctlr->bus_lock_mutex); -+ ctlr->flags |= SPI_CONTROLLER_SUSPENDED; -+ mutex_unlock(&ctlr->bus_lock_mutex); -+} -+ -+static inline void __spi_mark_resumed(struct spi_controller *ctlr) -+{ -+ mutex_lock(&ctlr->bus_lock_mutex); -+ ctlr->flags &= ~SPI_CONTROLLER_SUSPENDED; -+ mutex_unlock(&ctlr->bus_lock_mutex); -+} -+ - int spi_controller_suspend(struct spi_controller *ctlr) - { -- int ret; -+ int ret = 0; - - /* Basically no-ops for non-queued controllers */ -- if (!ctlr->queued) -- return 0; -- -- ret = spi_stop_queue(ctlr); -- if (ret) -- dev_err(&ctlr->dev, "queue stop failed\n"); -+ if (ctlr->queued) { -+ ret = spi_stop_queue(ctlr); -+ if (ret) -+ dev_err(&ctlr->dev, "queue stop failed\n"); -+ } - -+ __spi_mark_suspended(ctlr); - return ret; - } - EXPORT_SYMBOL_GPL(spi_controller_suspend); - - int spi_controller_resume(struct spi_controller *ctlr) - { -- int ret; -- -- if (!ctlr->queued) -- return 0; -+ int ret = 0; - -- ret = spi_start_queue(ctlr); -- if (ret) -- dev_err(&ctlr->dev, "queue restart failed\n"); -+ __spi_mark_resumed(ctlr); - -+ if (ctlr->queued) { -+ ret = spi_start_queue(ctlr); -+ if (ret) -+ dev_err(&ctlr->dev, "queue restart failed\n"); -+ } - return ret; - } - EXPORT_SYMBOL_GPL(spi_controller_resume); -@@ -4050,8 +4069,7 @@ static void __spi_transfer_message_noqueue(struct spi_controller *ctlr, struct s - ctlr->cur_msg = msg; - ret = __spi_pump_transfer_message(ctlr, msg, was_busy); - if (ret) -- goto out; -- -+ dev_err(&ctlr->dev, "noqueue transfer failed\n"); - ctlr->cur_msg = NULL; - ctlr->fallback = false; - -@@ -4067,7 +4085,6 @@ static void __spi_transfer_message_noqueue(struct spi_controller *ctlr, struct s - spi_idle_runtime_pm(ctlr); - } - --out: - mutex_unlock(&ctlr->io_mutex); - } - -@@ -4090,6 +4107,11 @@ static int __spi_sync(struct spi_device *spi, struct spi_message *message) - int status; - struct spi_controller *ctlr = spi->controller; - -+ if (__spi_check_suspended(ctlr)) { -+ dev_warn_once(&spi->dev, "Attempted to sync while suspend\n"); -+ return -ESHUTDOWN; -+ } -+ - status = __spi_validate(spi, message); - if (status != 0) - return status; -diff --git a/include/linux/spi/spi.h b/include/linux/spi/spi.h -index fbf8c0d95968e..877395e075afe 100644 ---- a/include/linux/spi/spi.h -+++ b/include/linux/spi/spi.h -@@ -531,6 +531,7 @@ struct spi_controller { - #define SPI_CONTROLLER_MUST_TX BIT(4) /* Requires tx */ - - #define SPI_MASTER_GPIO_SS BIT(5) /* GPIO CS must select slave */ -+#define SPI_CONTROLLER_SUSPENDED BIT(6) /* Currently suspended */ - - /* Flag indicating if the allocation of this struct is devres-managed */ - bool devm_allocated; --- -2.42.0 -