5.0-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Tue, 14 May 2019 08:23:42 +0000 (10:23 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Tue, 14 May 2019 08:23:42 +0000 (10:23 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 14 May 2019 08:23:42 +0000 (10:23 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 14 May 2019 08:23:42 +0000 (10:23 +0200)
diff --git a/queue-5.0/cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch b/queue-5.0/cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch

new file mode 100644 (file)

index 0000000..1bf89e9
--- /dev/null
+++ b/queue-5.0/cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch
@@ -0,0 +1,37 @@
+From 51c8d24101c79ffce3e79137e2cee5dfeb956dd7 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Sat, 22 Dec 2018 10:34:54 +0000
+Subject: cw1200: fix missing unlock on error in cw1200_hw_scan()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit 51c8d24101c79ffce3e79137e2cee5dfeb956dd7 upstream.
+
+Add the missing unlock before return from function cw1200_hw_scan()
+in the error handling case.
+
+Fixes: 4f68ef64cd7f ("cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()")
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Acked-by: Jia-Ju Bai <baijiaju1990@gmail.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/st/cw1200/scan.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/st/cw1200/scan.c
++++ b/drivers/net/wireless/st/cw1200/scan.c
+@@ -84,8 +84,11 @@ int cw1200_hw_scan(struct ieee80211_hw *
+ 
+       frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0,
+               req->ie_len);
+-      if (!frame.skb)
++      if (!frame.skb) {
++              mutex_unlock(&priv->conf_mutex);
++              up(&priv->scan.lock);
+               return -ENOMEM;
++      }
+ 
+       if (req->ie_len)
+               skb_put_data(frame.skb, req->ie, req->ie_len);
diff --git a/queue-5.0/series b/queue-5.0/series

index 03d88d78d9f1f48ae4d8337af8b46777d30783b9..1c6e224ce6fc2fa48175b80582b8af14051bd698 100644 (file)
--- a/queue-5.0/series
+++ b/queue-5.0/series
@@ -98,3 +98,4 @@ bpf-only-test-gso-type-on-gso-packets.patch
  net-sched-fix-cleanup-null-pointer-exception-in-act_.patch
  net-mvpp2-fix-validate-for-ppv2.1.patch
  drm-rockchip-fix-for-mailbox-read-validation.patch
+cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 14 May 2019 08:23:42 +0000 (10:23 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 14 May 2019 08:23:42 +0000 (10:23 +0200)
queue-5.0/cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch	[new file with mode: 0644]	patch \| blob
queue-5.0/series		patch \| blob \| blame \| history