[PATCH 5.9 062/255] spi: fsl-dspi: fix wrong pointer in suspend/resume

Tue, 17 Nov 2020 05:35:09 -0800 

From: Zhao Qiang <qiang.z...@nxp.com>

[ Upstream commit 9bd77a9ce31dd242fece27219d14fbee5068dd85 ]

Since commit 530b5affc675 ("spi: fsl-dspi: fix use-after-free in
remove path"), this driver causes a "NULL pointer dereference"
in dspi_suspend/resume.
This is because since this commit, the drivers private data point to
"dspi" instead of "ctlr", the codes in suspend and resume func were
not modified correspondly.

Fixes: 530b5affc675 ("spi: fsl-dspi: fix use-after-free in remove path")
Signed-off-by: Zhao Qiang <qiang.z...@nxp.com>
Reviewed-by: Vladimir Oltean <olte...@gmail.com>
Link: https://lore.kernel.org/r/20201103020546.1822-1-qiang.z...@nxp.com
Signed-off-by: Mark Brown <broo...@kernel.org>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
 drivers/spi/spi-fsl-dspi.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c
index 108a7d50d2c37..a96762ffb70b6 100644
--- a/drivers/spi/spi-fsl-dspi.c
+++ b/drivers/spi/spi-fsl-dspi.c
@@ -1106,12 +1106,11 @@ MODULE_DEVICE_TABLE(of, fsl_dspi_dt_ids);
 #ifdef CONFIG_PM_SLEEP
 static int dspi_suspend(struct device *dev)
 {
-       struct spi_controller *ctlr = dev_get_drvdata(dev);
-       struct fsl_dspi *dspi = spi_controller_get_devdata(ctlr);
+       struct fsl_dspi *dspi = dev_get_drvdata(dev);
 
        if (dspi->irq)
                disable_irq(dspi->irq);
-       spi_controller_suspend(ctlr);
+       spi_controller_suspend(dspi->ctlr);
        clk_disable_unprepare(dspi->clk);
 
        pinctrl_pm_select_sleep_state(dev);
@@ -1121,8 +1120,7 @@ static int dspi_suspend(struct device *dev)
 
 static int dspi_resume(struct device *dev)
 {
-       struct spi_controller *ctlr = dev_get_drvdata(dev);
-       struct fsl_dspi *dspi = spi_controller_get_devdata(ctlr);
+       struct fsl_dspi *dspi = dev_get_drvdata(dev);
        int ret;
 
        pinctrl_pm_select_default_state(dev);
@@ -1130,7 +1128,7 @@ static int dspi_resume(struct device *dev)
        ret = clk_prepare_enable(dspi->clk);
        if (ret)
                return ret;
-       spi_controller_resume(ctlr);
+       spi_controller_resume(dspi->ctlr);
        if (dspi->irq)
                enable_irq(dspi->irq);
 
-- 
2.27.0

Reply via email to