From patchwork Fri Mar 12 16:59:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Krzysztof Kozlowski X-Patchwork-Id: 1452224 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DxsVc28Xcz9sVw; Sat, 13 Mar 2021 03:59:34 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1lKl8K-00030i-GH; Fri, 12 Mar 2021 16:59:28 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lKl8J-00030T-5G for kernel-team@lists.ubuntu.com; Fri, 12 Mar 2021 16:59:27 +0000 Received: from mail-wr1-f69.google.com ([209.85.221.69]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lKl8I-0007Tp-SY for kernel-team@lists.ubuntu.com; Fri, 12 Mar 2021 16:59:26 +0000 Received: by mail-wr1-f69.google.com with SMTP id m23so6405690wrh.7 for ; Fri, 12 Mar 2021 08:59:26 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/aGCRu58o6vsDrQ6bZ9dK9AFvSsn9byuQtC3wWz6DkY=; b=iB+dF40slZIXg+bAN8sh0xIBWBIWmfDdGR+F41cjzD6FQdzYegVqQUAzd/QeJLxp8O c4fWiTcK26ScKJ3xncUhSJysOMAqZHUE/EHIW35WVXkcpsbNsGKbZ44p6wPGRZRvR28M rqvGvtkm9EUokJSc/B1FDUv2raH+BEqvoIe9lBGI+5T8/FE5W27eoVAG11fRgX299gcr 6hxgZbTvg13uJ678pecVFU9iOWf85okiAHc/iOBTsOphycauPaAOy6+rk8hj/HFlqu7Q S7rpmZx/17HjuAzXL6+YbNwohErriv5uVEasnWxtfCfKD0Vv9RqgCrslEQiEoHLb8BMs ooxg== X-Gm-Message-State: AOAM532wpSSFhPkBxEqpslvdJnGngrB4Po/P/6p8BguOcypK/s5TYRuT 9krzKXVZ97F5vagY0wWqK4JOViStFOOcjGuQpSAy55VImZSAF//CVRx87IU9W5CR+mhhUtfC+Wb W1zDwKfrSTOL4sdvf2zwCFk7kOvCMwP7OZYXovhwuuQ== X-Received: by 2002:a1c:df46:: with SMTP id w67mr13920043wmg.176.1615568366434; Fri, 12 Mar 2021 08:59:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJwOMEtmfnKI1slt6iQecJ3zqcjX5gEd6nCpxiF4xYQqDQbvC45aRXGMzlFUcl55ZFCCO/pOYA== X-Received: by 2002:a1c:df46:: with SMTP id w67mr13920036wmg.176.1615568366322; Fri, 12 Mar 2021 08:59:26 -0800 (PST) Received: from localhost.localdomain (adsl-84-226-167-205.adslplus.ch. [84.226.167.205]) by smtp.gmail.com with ESMTPSA id i4sm2726293wmq.12.2021.03.12.08.59.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Mar 2021 08:59:26 -0800 (PST) From: Krzysztof Kozlowski To: kernel-team@lists.ubuntu.com Subject: [SRU][X][PATCH 1/1] libertas: fix a potential NULL pointer dereference Date: Fri, 12 Mar 2021 17:59:18 +0100 Message-Id: <20210312165918.16933-2-krzysztof.kozlowski@canonical.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210312165918.16933-1-krzysztof.kozlowski@canonical.com> References: <20210312165918.16933-1-krzysztof.kozlowski@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Allen Pais CVE-2019-16232 alloc_workqueue is not checked for errors and as a result, a potential NULL dereference could occur. Signed-off-by: Allen Pais Signed-off-by: Kalle Valo (cherry picked from commit 7da413a18583baaf35dd4a8eb414fa410367d7f2) [krzk: backport applied to different path - without marvell subdir, create_workqueue is a wrapper for alloc_workqueue] Signed-off-by: Krzysztof Kozlowski --- drivers/net/wireless/libertas/if_sdio.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/wireless/libertas/if_sdio.c b/drivers/net/wireless/libertas/if_sdio.c index 33ceda296c9c..45d68ee682f6 100644 --- a/drivers/net/wireless/libertas/if_sdio.c +++ b/drivers/net/wireless/libertas/if_sdio.c @@ -1229,6 +1229,10 @@ static int if_sdio_probe(struct sdio_func *func, spin_lock_init(&card->lock); card->workqueue = create_workqueue("libertas_sdio"); + if (unlikely(!card->workqueue)) { + ret = -ENOMEM; + goto err_queue; + } INIT_WORK(&card->packet_worker, if_sdio_host_to_card_worker); init_waitqueue_head(&card->pwron_waitq); @@ -1282,6 +1286,7 @@ err_activate_card: lbs_remove_card(priv); free: destroy_workqueue(card->workqueue); +err_queue: while (card->packets) { packet = card->packets; card->packets = card->packets->next;