Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1045486AbdDWNHB (ORCPT ); Sun, 23 Apr 2017 09:07:01 -0400 Received: from m50-134.163.com ([123.125.50.134]:37440 "EHLO m50-134.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1045462AbdDWNGx (ORCPT ); Sun, 23 Apr 2017 09:06:53 -0400 From: Pan Bian To: Mauro Carvalho Chehab , Hans Verkuil , Sakari Ailus , linux-media@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Pan Bian Subject: [PATCH 1/1] [media] cx25840: fix unchecked return values Date: Sun, 23 Apr 2017 21:06:36 +0800 Message-Id: <1492952796-24769-1-git-send-email-bianpan201603@163.com> X-Mailer: git-send-email 1.9.1 X-CM-TRANSID: DtGowAD37h_cpvxYF8j2AA--.844S3 X-Coremail-Antispam: 1Uf129KBjvJXoWxur4kXw17KFyruF15uw4kWFg_yoW5WFWxp3 s5K3sxJa1UZr47JwsrJr13GF93Ww1fWw47Cry7u3WjqF1UAr98tF1avFZ0yF4kZrWUtr48 ur40yFZrCw45JF7anT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jWD7sUUUUU= X-Originating-IP: [123.118.194.153] X-CM-SenderInfo: held01tdqsiiqwqtqiywtou0bp/xtbBoh7C91aDsTvR0gAAsV Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2668 Lines: 76 From: Pan Bian In functions cx25840_initialize(), cx231xx_initialize(), and cx23885_initialize(), the return value of create_singlethread_workqueue() is used without validation. This may result in NULL dereference and cause kernel crash. This patch fixes it. Signed-off-by: Pan Bian --- drivers/media/i2c/cx25840/cx25840-core.c | 36 +++++++++++++++++++------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/drivers/media/i2c/cx25840/cx25840-core.c b/drivers/media/i2c/cx25840/cx25840-core.c index b8d3c070..39f51da 100644 --- a/drivers/media/i2c/cx25840/cx25840-core.c +++ b/drivers/media/i2c/cx25840/cx25840-core.c @@ -416,11 +416,13 @@ static void cx25840_initialize(struct i2c_client *client) INIT_WORK(&state->fw_work, cx25840_work_handler); init_waitqueue_head(&state->fw_wait); q = create_singlethread_workqueue("cx25840_fw"); - prepare_to_wait(&state->fw_wait, &wait, TASK_UNINTERRUPTIBLE); - queue_work(q, &state->fw_work); - schedule(); - finish_wait(&state->fw_wait, &wait); - destroy_workqueue(q); + if (q) { + prepare_to_wait(&state->fw_wait, &wait, TASK_UNINTERRUPTIBLE); + queue_work(q, &state->fw_work); + schedule(); + finish_wait(&state->fw_wait, &wait); + destroy_workqueue(q); + } /* 6. */ cx25840_write(client, 0x115, 0x8c); @@ -630,11 +632,13 @@ static void cx23885_initialize(struct i2c_client *client) INIT_WORK(&state->fw_work, cx25840_work_handler); init_waitqueue_head(&state->fw_wait); q = create_singlethread_workqueue("cx25840_fw"); - prepare_to_wait(&state->fw_wait, &wait, TASK_UNINTERRUPTIBLE); - queue_work(q, &state->fw_work); - schedule(); - finish_wait(&state->fw_wait, &wait); - destroy_workqueue(q); + if (q) { + prepare_to_wait(&state->fw_wait, &wait, TASK_UNINTERRUPTIBLE); + queue_work(q, &state->fw_work); + schedule(); + finish_wait(&state->fw_wait, &wait); + destroy_workqueue(q); + } /* Call the cx23888 specific std setup func, we no longer rely on * the generic cx24840 func. @@ -748,11 +752,13 @@ static void cx231xx_initialize(struct i2c_client *client) INIT_WORK(&state->fw_work, cx25840_work_handler); init_waitqueue_head(&state->fw_wait); q = create_singlethread_workqueue("cx25840_fw"); - prepare_to_wait(&state->fw_wait, &wait, TASK_UNINTERRUPTIBLE); - queue_work(q, &state->fw_work); - schedule(); - finish_wait(&state->fw_wait, &wait); - destroy_workqueue(q); + if (q) { + prepare_to_wait(&state->fw_wait, &wait, TASK_UNINTERRUPTIBLE); + queue_work(q, &state->fw_work); + schedule(); + finish_wait(&state->fw_wait, &wait); + destroy_workqueue(q); + } cx25840_std_setup(client); -- 1.9.1