This is a note to let you know that I've just added the patch titled rfkill: Fix incorrect check to avoid NULL pointer dereference to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: rfkill-fix-incorrect-check-to-avoid-null-pointer-der.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 8b1594405b7ae0244cee46767234a26c2416bb55 Author: Aditya Pakki <pakki001@xxxxxxx> Date: Sun Dec 15 09:34:08 2019 -0600 rfkill: Fix incorrect check to avoid NULL pointer dereference [ Upstream commit 6fc232db9e8cd50b9b83534de9cd91ace711b2d7 ] In rfkill_register, the struct rfkill pointer is first derefernced and then checked for NULL. This patch removes the BUG_ON and returns an error to the caller in case rfkill is NULL. Signed-off-by: Aditya Pakki <pakki001@xxxxxxx> Link: https://lore.kernel.org/r/20191215153409.21696-1-pakki001@xxxxxxx Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/net/rfkill/core.c b/net/rfkill/core.c index 884027f62783..87c35844d7d9 100644 --- a/net/rfkill/core.c +++ b/net/rfkill/core.c @@ -940,10 +940,13 @@ static void rfkill_sync_work(struct work_struct *work) int __must_check rfkill_register(struct rfkill *rfkill) { static unsigned long rfkill_no; - struct device *dev = &rfkill->dev; + struct device *dev; int error; - BUG_ON(!rfkill); + if (!rfkill) + return -EINVAL; + + dev = &rfkill->dev; mutex_lock(&rfkill_global_mutex);