This is a note to let you know that I've just added the patch titled
libertas: check return value of alloc_workqueue
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
libertas-check-return-value-of-alloc_workqueue.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Thu Mar 22 14:40:23 CET 2018
From: Pan Bian <bianpan2016@xxxxxxx>
Date: Sun, 23 Apr 2017 21:19:38 +0800
Subject: libertas: check return value of alloc_workqueue
From: Pan Bian <bianpan2016@xxxxxxx>
[ Upstream commit dc3f89c38a8406554ffeffa370aad086a9c5e9de ]
Function alloc_workqueue() will return a NULL pointer if there is no
enough memory, and its return value should be validated before using.
However, in function if_spi_probe(), its return value is not checked.
This may result in a NULL dereference bug. This patch fixes the bug.
Signed-off-by: Pan Bian <bianpan2016@xxxxxxx>
Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/wireless/marvell/libertas/if_spi.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/wireless/marvell/libertas/if_spi.c
+++ b/drivers/net/wireless/marvell/libertas/if_spi.c
@@ -1181,6 +1181,10 @@ static int if_spi_probe(struct spi_devic
/* Initialize interrupt handling stuff. */
card->workqueue = alloc_workqueue("libertas_spi", WQ_MEM_RECLAIM, 0);
+ if (!card->workqueue) {
+ err = -ENOMEM;
+ goto remove_card;
+ }
INIT_WORK(&card->packet_work, if_spi_host_to_card_worker);
INIT_WORK(&card->resume_work, if_spi_resume_worker);
@@ -1209,6 +1213,7 @@ release_irq:
free_irq(spi->irq, card);
terminate_workqueue:
destroy_workqueue(card->workqueue);
+remove_card:
lbs_remove_card(priv); /* will call free_netdev */
free_card:
free_if_spi_card(card);
Patches currently in stable-queue which might be from bianpan2016@xxxxxxx are
queue-4.9/tipc-check-return-value-of-nlmsg_new.patch
queue-4.9/mt7601u-check-return-value-of-alloc_skb.patch
queue-4.9/rndis_wlan-add-return-value-validation.patch
queue-4.9/libertas-check-return-value-of-alloc_workqueue.patch
queue-4.9/staging-wilc1000-fix-unchecked-return-value.patch
queue-4.9/qlcnic-fix-unchecked-return-value.patch
queue-4.9/wan-pc300too-abort-path-on-failure.patch
queue-4.9/power-supply-isp1704-fix-unchecked-return-value-of-devm_kzalloc.patch