xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libertas: check return value of alloc_workqueue

Browse Source 
Function alloc_workqueue() will return a NULL pointer if there is no
enough memory, and its return value should be validated before using.
However, in function if_spi_probe(), its return value is not checked.
This may result in a NULL dereference bug. This patch fixes the bug.

Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This commit is contained in:
Pan Bian
2017-04-23 21:19:38 +08:00
committed by Kalle Valo
parent 5fb01e91da
commit dc3f89c38a
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/net/wireless/marvell/libertas/if_spi.c
View File

@@ -1181,6 +1181,10 @@ static int if_spi_probe(struct spi_device *spi)
/* Initialize interrupt handling stuff. */ /* Initialize interrupt handling stuff. */
card->workqueue = alloc_workqueue("libertas_spi", WQ_MEM_RECLAIM, 0); card->workqueue = alloc_workqueue("libertas_spi", WQ_MEM_RECLAIM, 0);
if (!card->workqueue) {
err = -ENOMEM;
goto remove_card;
}
INIT_WORK(&card->packet_work, if_spi_host_to_card_worker); INIT_WORK(&card->packet_work, if_spi_host_to_card_worker);
INIT_WORK(&card->resume_work, if_spi_resume_worker); INIT_WORK(&card->resume_work, if_spi_resume_worker);
@@ -1209,6 +1213,7 @@ release_irq:
free_irq(spi->irq, card); free_irq(spi->irq, card);
terminate_workqueue: terminate_workqueue:
destroy_workqueue(card->workqueue); destroy_workqueue(card->workqueue);
remove_card:
lbs_remove_card(priv); /* will call free_netdev */ lbs_remove_card(priv); /* will call free_netdev */
free_card: free_card:
free_if_spi_card(card); free_if_spi_card(card);