Return-path: Received: from m50-133.163.com ([123.125.50.133]:57186 "EHLO m50-133.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1045279AbdDWNUl (ORCPT ); Sun, 23 Apr 2017 09:20:41 -0400 From: Pan Bian To: Kalle Valo , Bhaktipriya Shridhar , Tejun Heo Cc: libertas-dev@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Pan Bian Subject: [PATCH 1/1] libertas: check return value of alloc_workqueue Date: Sun, 23 Apr 2017 21:19:38 +0800 Message-Id: <1492953578-387-1-git-send-email-bianpan201603@163.com> (sfid-20170423_152134_243291_A2CDB5B1) Sender: linux-wireless-owner@vger.kernel.org List-ID: From: Pan Bian Function alloc_workqueue() will return a NULL pointer if there is not enough memory, and its return value should be validated before using. However, in function if_spi_probe(), its return value is not checked. This may result in a NULL dereference bug. This patch fixes the bug. Signed-off-by: Pan Bian --- drivers/net/wireless/marvell/libertas/if_spi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/wireless/marvell/libertas/if_spi.c b/drivers/net/wireless/marvell/libertas/if_spi.c index c3a53cd..7b4955c 100644 --- a/drivers/net/wireless/marvell/libertas/if_spi.c +++ b/drivers/net/wireless/marvell/libertas/if_spi.c @@ -1181,6 +1181,10 @@ static int if_spi_probe(struct spi_device *spi) /* Initialize interrupt handling stuff. */ card->workqueue = alloc_workqueue("libertas_spi", WQ_MEM_RECLAIM, 0); + if (!card->workqueue) { + err = -ENOMEM; + goto remove_card; + } INIT_WORK(&card->packet_work, if_spi_host_to_card_worker); INIT_WORK(&card->resume_work, if_spi_resume_worker); @@ -1209,6 +1213,7 @@ static int if_spi_probe(struct spi_device *spi) free_irq(spi->irq, card); terminate_workqueue: destroy_workqueue(card->workqueue); +remove_card: lbs_remove_card(priv); /* will call free_netdev */ free_card: free_if_spi_card(card); -- 1.9.1
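Review bot: In the first hunk (if_spi_probe(), right after the alloc_workqueue() call), the new "goto remove_card" ends up in lbs_remove_card(priv), but the context lines shown here do not include the point where priv is set up. Please confirm that priv is already valid before the workqueue is allocated; if it is only assigned later in the function, the jump should target free_card instead. Setting err = -ENOMEM before the goto is the right error code for this failure.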
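Review bot: In the second hunk (the unwind labels at the end of if_spi_probe()), the reason for adding remove_card is not documented anywhere: the commit message only says the return value is now checked. The label is placed correctly after destroy_workqueue(card->workqueue), since the allocation-failure path arrives with card->workqueue NULL and must not reach that call, but a sentence in the commit message saying that a new unwind label was added so the failure path skips destroy_workqueue() would make that intent visible to later readers of the error ladder.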