CVE-2021-46959

In the Linux kernel, the following vulnerability has been resolved: spi:
Fix use-after-free with devm_spi_alloc_* We can’t rely on the contents of
the devres list during spi_unregister_controller(), as the list is already
torn down at the time we perform devres_find() for
devm_spi_release_controller. This causes devices registered with
devm_spi_alloc_{master,slave}() to be mistakenly identified as legacy,
non-devm managed devices and have their reference counters decremented
below 0. ------------[ cut here ]------------ WARNING: CPU: 1 PID: 660 at
lib/refcount.c:28 refcount_warn_saturate+0x108/0x174 [<b0396f04>]
(refcount_warn_saturate) from [<b03c56a4>] (kobject_put+0x90/0x98)
[<b03c5614>] (kobject_put) from [<b0447b4c>] (put_device+0x20/0x24)
r4:b6700140 [<b0447b2c>] (put_device) from [<b07515e8>]
(devm_spi_release_controller+0x3c/0x40) [<b07515ac>]
(devm_spi_release_controller) from [<b045343c>] (release_nodes+0x84/0xc4)
r5:b6700180 r4:b6700100 [<b04533b8>] (release_nodes) from [<b0454160>]
(devres_release_all+0x5c/0x60) r8:b1638c54 r7:b117ad94 r6:b1638c10
r5:b117ad94 r4:b163dc10 [<b0454104>] (devres_release_all) from [<b044e41c>]
(__device_release_driver+0x144/0x1ec) r5:b117ad94 r4:b163dc10 [<b044e2d8>]
(__device_release_driver) from [<b044f70c>]
(device_driver_detach+0x84/0xa0) r9:00000000 r8:00000000 r7:b117ad94
r6:b163dc54 r5:b1638c10 r4:b163dc10 [<b044f688>] (device_driver_detach)
from [<b044d274>] (unbind_store+0xe4/0xf8) Instead, determine the devm
allocation state as a flag on the controller which is guaranteed to be
stable during cleanup.