parisc: led: Fix potential null-ptr-deref in start_task()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

start_task() calls create_singlethread_workqueue() and not checked the
ret value, which may return NULL. And a null-ptr-deref may happen:

start_task()
create_singlethread_workqueue() # failed, led_wq is NULL
queue_delayed_work()
queue_delayed_work_on()
__queue_delayed_work() # warning here, but continue
__queue_work() # access wq->flags, null-ptr-deref

Check the ret value and return -ENOMEM if it is NULL.

Fixes: 3499495205a6 ("[PARISC] Use work queue in LED/LCD driver instead of tasklet.")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org>

authored by

Shang XiaoJing and committed by

Helge Deller 3 years ago 41f563ab 1bc54346

1 changed file

expand all

drivers

parisc

led.c

drivers/parisc/led.c

··· 137 137 138 138 /* Create the work queue and queue the LED task */ 139 139 led_wq = create_singlethread_workqueue("led_wq"); 140 + if (!led_wq) 141 + return -ENOMEM; 142 + 140 143 queue_delayed_work(led_wq, &led_task, 0); 141 144 142 145 return 0;