--- /dev/null
+From 51c8d24101c79ffce3e79137e2cee5dfeb956dd7 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Sat, 22 Dec 2018 10:34:54 +0000
+Subject: cw1200: fix missing unlock on error in cw1200_hw_scan()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit 51c8d24101c79ffce3e79137e2cee5dfeb956dd7 upstream.
+
+Add the missing unlock before return from function cw1200_hw_scan()
+in the error handling case.
+
+Fixes: 4f68ef64cd7f ("cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()")
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Acked-by: Jia-Ju Bai <baijiaju1990@gmail.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/st/cw1200/scan.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/st/cw1200/scan.c
++++ b/drivers/net/wireless/st/cw1200/scan.c
+@@ -84,8 +84,11 @@ int cw1200_hw_scan(struct ieee80211_hw *
+
+ frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0,
+ req->ie_len);
+- if (!frame.skb)
++ if (!frame.skb) {
++ mutex_unlock(&priv->conf_mutex);
++ up(&priv->scan.lock);
+ return -ENOMEM;
++ }
+
+ if (req->ie_len)
+ skb_put_data(frame.skb, req->ie, req->ie_len);
nfc-nci-add-some-bounds-checking-in-nci_hci_cmd_rece.patch
nfc-nci-potential-off-by-one-in-pipes-array.patch
x86-kprobes-avoid-kretprobe-recursion-bug.patch
+cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch