]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
4.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 14 May 2019 08:23:11 +0000 (10:23 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 14 May 2019 08:23:11 +0000 (10:23 +0200)
added patches:
cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch

queue-4.14/cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch [new file with mode: 0644]
queue-4.14/series

diff --git a/queue-4.14/cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch b/queue-4.14/cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch
new file mode 100644 (file)
index 0000000..1bf89e9
--- /dev/null
@@ -0,0 +1,37 @@
+From 51c8d24101c79ffce3e79137e2cee5dfeb956dd7 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Sat, 22 Dec 2018 10:34:54 +0000
+Subject: cw1200: fix missing unlock on error in cw1200_hw_scan()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit 51c8d24101c79ffce3e79137e2cee5dfeb956dd7 upstream.
+
+Add the missing unlock before return from function cw1200_hw_scan()
+in the error handling case.
+
+Fixes: 4f68ef64cd7f ("cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()")
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Acked-by: Jia-Ju Bai <baijiaju1990@gmail.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/st/cw1200/scan.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/st/cw1200/scan.c
++++ b/drivers/net/wireless/st/cw1200/scan.c
+@@ -84,8 +84,11 @@ int cw1200_hw_scan(struct ieee80211_hw *
+       frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0,
+               req->ie_len);
+-      if (!frame.skb)
++      if (!frame.skb) {
++              mutex_unlock(&priv->conf_mutex);
++              up(&priv->scan.lock);
+               return -ENOMEM;
++      }
+       if (req->ie_len)
+               skb_put_data(frame.skb, req->ie, req->ie_len);
index d5affec93b2252064d9f4295d713fdd0c6a90f47..de1c2d3303cbf1ceb7f2658ed082c8334843572c 100644 (file)
@@ -91,3 +91,4 @@ mlxsw-core-do-not-use-wq_mem_reclaim-for-mlxsw-workq.patch
 nfc-nci-add-some-bounds-checking-in-nci_hci_cmd_rece.patch
 nfc-nci-potential-off-by-one-in-pipes-array.patch
 x86-kprobes-avoid-kretprobe-recursion-bug.patch
+cw1200-fix-missing-unlock-on-error-in-cw1200_hw_scan.patch