From 0faac26dded4e70830ab9a99ea26efa6cc6d4e66 Mon Sep 17 00:00:00 2001
From: Shaun Ruffell
Date: Mon, 2 Dec 2013 13:36:59 -0600
Subject: [PATCH] wcxb: Do not access cur_transfer/cur_msg outside of lock.
The spi master cur_transfer and cur_msg should only be changed under the spin_lock for the master. The result is that if running user space tools, like fxstest, that check registers on the modules, it's possible to have a message that was not yet complete flagged as completed which would result in a bad read. This does not affect "normal" operation of the wcaxx driver since interrupts are not enabled during module detection, and during normal operation all access to the resgisters is done in the context of the interrupt handler. This would only be an issue if the interrupt handler was running and register accesses are tried in user space context on an SMP system.
Signed-off-by: Shaun Ruffell
---
 drivers/dahdi/wcxb_spi.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/dahdi/wcxb_spi.c b/drivers/dahdi/wcxb_spi.c
index aad262e..d7313c6 100644
--- a/drivers/dahdi/wcxb_spi.c
+++ b/drivers/dahdi/wcxb_spi.c
@@ -291,14 +291,18 @@ _wcxb_spi_next_transfer(struct wcxb_spi_transfer *t)
 */
 void wcxb_spi_handle_interrupt(struct wcxb_spi_master *master)
 {
- struct wcxb_spi_message *msg = master->cur_msg;
- struct wcxb_spi_transfer *t = master->cur_transfer;
+ struct wcxb_spi_message *msg;
+ struct wcxb_spi_transfer *t;
 void (*complete)(void *arg) = NULL;
 unsigned long flags;
 /* Check if we're not in the middle of a transfer, or not finished with
 * a part of one. */
 spin_lock_irqsave(&master->lock, flags);
+
+ t = master->cur_transfer;
+ msg = master->cur_msg;
+
 if (!msg || !is_txfifo_empty(master))
 goto done;
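Review bot: The locking rule this fix depends on is recorded only in the commit message; nothing at the new `t = master->cur_transfer;` / `msg = master->cur_msg;` lines says these fields must be read with `master->lock` held, so a later cleanup could fold them back into the declarations and reintroduce the race. I would add a comment directly above the two assignments, for example `/* cur_transfer and cur_msg are protected by master->lock; read them only with it held. */`. The existing "Check if we're not in the middle of a transfer" comment now sits above `spin_lock_irqsave()` rather than the `if (!msg || !is_txfifo_empty(master))` test it describes, and would read better moved down next to that test. The body of wcxb_spi_handle_interrupt continues past the end of the hunk, so whether the remaining accesses to these fields stay inside the locked region cannot be confirmed from here.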