Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1331486imm; Tue, 15 May 2018 18:12:33 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqoTHRAHgU6xXhDQXquxEbzM94VpFEI6ULs1CiHIvyyCZxauiZicQNs7RTXQj+RWmIt4Nge X-Received: by 2002:a62:cca:: with SMTP id 71-v6mr17397371pfm.61.1526433153090; Tue, 15 May 2018 18:12:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526433153; cv=none; d=google.com; s=arc-20160816; b=sdD2nrHE7eGHmqblpaqUr7cfffWWEQPd85V1hfnQ+HCZgxCYLM7aLNqsQ75mwmGF71 mkCNKrARNHby0GFoq1+ckMzrm4bn0r2LhCkc1G0CjomwCmCMSoOvO+/E15Kkcf+yNW8j xiGX3qkR3C3QJMxWnsa9EScsl1GYX5CIYE15Ta+jYdx3l6HorSWRp/rmyq3nqUDRo/MX Z01aABtRjRJ1sO6R5AqpIO7HXO32K7EbXUmRawmN++y2y78TK6ySXgs1FAtKqL8afQzO G92xqCpFr2MYBdMMFN485OTmcUQfvwktJ5g16WKiasHkAAISRbfayGV4TdYXG6oObLuF HJlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:date:cc:to:from:subject :message-id:arc-authentication-results; bh=/qEfQQd4U5ODW899aJJuVAonQHDKXVwXG5CrYBMuq+Q=; b=yjcQjyurCpuozYO+0jYnLoYvLXA8k1+6QnhtTCPzsFpcF/JaEZ2HqFOwtiZraXBRWU /7gpwpEiAYsFyGD3+AcqvuvBZKPdLtoPEAUfNUlCEYotD8nkjmpbBpa1lKHCwtWmoqGQ 9Y07NtLIbFlqT7VUrPz7/RjsydEl93BJY5xuIVW2RFMM3N2+66XLYK+OX9Ax6QA5t9yf Zi63kRNLUI3y/ZjUlWgEmXdclBLmGPSUy9qZpUCAGCy5IUqXY7Ly4ivFHMIPLzpABcCz nVnrs8fn9B07TaT1kSQd+X0FAZIel2nhbdhjHXTODhXCavEVk+rTIU2ytw9NYBvp4bLa x31w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=codethink.co.uk Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c5-v6si1421657pfm.119.2018.05.15.18.12.18; Tue, 15 May 2018 18:12:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=codethink.co.uk Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752311AbeEPBKw (ORCPT + 99 others); Tue, 15 May 2018 21:10:52 -0400 Received: from imap1.codethink.co.uk ([176.9.8.82]:59470 "EHLO imap1.codethink.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751853AbeEPBKv (ORCPT ); Tue, 15 May 2018 21:10:51 -0400 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126] helo=xylophone) by imap1.codethink.co.uk with esmtpsa (Exim 4.84_2 #1 (Debian)) id 1fIkxn-0004VL-32; Wed, 16 May 2018 02:10:43 +0100 Message-ID: <1526433042.9159.103.camel@codethink.co.uk> Subject: Re: [PATCH 4.4 125/190] [media] cx25840: fix unchecked return values From: Ben Hutchings To: Pan Bian , Hans Verkuil , Mauro Carvalho Chehab Cc: stable@vger.kernel.org, Sasha Levin , Greg Kroah-Hartman , LKML Date: Wed, 16 May 2018 02:10:42 +0100 In-Reply-To: <20180411183559.391845365@linuxfoundation.org> References: <20180411183550.114495991@linuxfoundation.org> <20180411183559.391845365@linuxfoundation.org> Organization: Codethink Ltd. Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.22.6-1+deb9u1 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2018-04-11 at 20:36 +0200, Greg Kroah-Hartman wrote: > 4.4-stable review patch.  If anyone has any objections, please let me know. > > ------------------ > > From: Pan Bian > > > [ Upstream commit 35378ce143071c2a6bad4b59a000e9b9f8f6ea67 ] > > In functions cx25840_initialize(), cx231xx_initialize(), and > cx23885_initialize(), the return value of create_singlethread_workqueue() > is used without validation. This may result in NULL dereference and cause > kernel crash. This patch fixes it. [...] > --- a/drivers/media/i2c/cx25840/cx25840-core.c > +++ b/drivers/media/i2c/cx25840/cx25840-core.c > @@ -420,11 +420,13 @@ static void cx25840_initialize(struct i2 >   INIT_WORK(&state->fw_work, cx25840_work_handler); >   init_waitqueue_head(&state->fw_wait); >   q = create_singlethread_workqueue("cx25840_fw"); > - prepare_to_wait(&state->fw_wait, &wait, TASK_UNINTERRUPTIBLE); > - queue_work(q, &state->fw_work); > - schedule(); > - finish_wait(&state->fw_wait, &wait); > - destroy_workqueue(q); > + if (q) { > + prepare_to_wait(&state->fw_wait, &wait, TASK_UNINTERRUPTIBLE); > + queue_work(q, &state->fw_work); > + schedule(); > + finish_wait(&state->fw_wait, &wait); > + destroy_workqueue(q); > + } [...] Why is the error "handled" by skipping part of the initialisation process? Shouldn't we abort and return an error? Why even create a private workqueue, when we don't do anything that wouldn't work with one of the global workqueues? Why even use a workqueue, if we immediately block waiting for the work to finish? This makes no sense to me. Ben. -- Ben Hutchings Software Developer, Codethink Ltd.