| Message ID | 20190311073758.31038-1-kjlu@umn.edu |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | David Miller |
| Headers | show |
| Series | net: iwlegacy: fix potential NULL pointer dereferences | expand |
On Mon, Mar 11, 2019 at 02:37:57AM -0500, Kangjie Lu wrote: > In case create_singlethread_workqueue fails, the fix immediately > return to avoid NULL pointer dereferences. > > Signed-off-by: Kangjie Lu <kjlu@umn.edu> > --- > drivers/net/wireless/intel/iwlegacy/3945-mac.c | 2 ++ > drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 ++ > 2 files changed, 4 insertions(+) > > diff --git a/drivers/net/wireless/intel/iwlegacy/3945-mac.c b/drivers/net/wireless/intel/iwlegacy/3945-mac.c > index 271977f7fbb0..d23ee2ca0c8e 100644 > --- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c > +++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c > @@ -3403,6 +3403,8 @@ static void > il3945_setup_deferred_work(struct il_priv *il) > { > il->workqueue = create_singlethread_workqueue(DRV_NAME); > + if (!il->workqueue) > + return; This is not full fix since we will crash later without setup various structures in il3945_setup_deferred_work. The driver is pretty much legacy and worked for decade (or maybe more) without NULL dereference of il->workqueue. I do not see need to fix _potential_ problems as fix can introduce more harm than good. Stanislaw
diff --git a/drivers/net/wireless/intel/iwlegacy/3945-mac.c b/drivers/net/wireless/intel/iwlegacy/3945-mac.c index 271977f7fbb0..d23ee2ca0c8e 100644 --- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c @@ -3403,6 +3403,8 @@ static void il3945_setup_deferred_work(struct il_priv *il) { il->workqueue = create_singlethread_workqueue(DRV_NAME); + if (!il->workqueue) + return; init_waitqueue_head(&il->wait_command_queue); diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c index 94222ae464ae..2c555c9f1ff4 100644 --- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c +++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c @@ -6236,6 +6236,8 @@ static void il4965_setup_deferred_work(struct il_priv *il) { il->workqueue = create_singlethread_workqueue(DRV_NAME); + if (!il->workqueue) + return; init_waitqueue_head(&il->wait_command_queue);
In case create_singlethread_workqueue fails, the fix immediately return to avoid NULL pointer dereferences. Signed-off-by: Kangjie Lu <kjlu@umn.edu> --- drivers/net/wireless/intel/iwlegacy/3945-mac.c | 2 ++ drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 ++ 2 files changed, 4 insertions(+)