[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <lsq.1519831222.981908245@decadent.org.uk>
Date: Wed, 28 Feb 2018 15:20:22 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org,
syzbot+1ddfb3357e1d7bb5b5d3@...kaller.appspotmail.com,
"Johannes Berg" <johannes.berg@...el.com>
Subject: [PATCH 3.2 099/140] cfg80211: check dev_set_name() return value
3.2.100-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@...el.com>
commit 59b179b48ce2a6076448a44531242ac2b3f6cef2 upstream.
syzbot reported a warning from rfkill_alloc(), and after a while
I think that the reason is that it was doing fault injection and
the dev_set_name() failed, leaving the name NULL, and we didn't
check the return value and got to rfkill_alloc() with a NULL name.
Since we really don't want a NULL name, we ought to check the
return value.
Fixes: fb28ad35906a ("net: struct device - replace bus_id with dev_name(), dev_set_name()")
Reported-by: syzbot+1ddfb3357e1d7bb5b5d3@...kaller.appspotmail.com
Signed-off-by: Johannes Berg <johannes.berg@...el.com>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -329,6 +329,7 @@ struct wiphy *wiphy_new(const struct cfg
struct cfg80211_registered_device *rdev;
int alloc_size;
+ int rv;
WARN_ON(ops->add_key && (!ops->del_key || !ops->set_default_key));
WARN_ON(ops->auth && (!ops->assoc || !ops->deauth || !ops->disassoc));
@@ -362,7 +363,11 @@ struct wiphy *wiphy_new(const struct cfg
mutex_unlock(&cfg80211_mutex);
/* give it a proper name */
- dev_set_name(&rdev->wiphy.dev, PHY_NAME "%d", rdev->wiphy_idx);
+ rv = dev_set_name(&rdev->wiphy.dev, PHY_NAME "%d", rdev->wiphy_idx);
+ if (rv < 0) {
+ kfree(rdev);
+ return NULL;
+ }
mutex_init(&rdev->mtx);
mutex_init(&rdev->devlist_mtx);
Powered by blists - more mailing lists