Patches contributed by University of Minnesota

<<Prev 1 2 3 4 5 6 7 8 9 10 11 12 13[14]15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 Next>>

commit 13814627c9658cf8382dd052bc251ee415670a55
Author: Kangjie Lu <kjlu@umn.edu>
Date:   Fri Mar 8 22:53:55 2019 -0600

    iio: adc: fix a potential NULL pointer dereference
    
    devm_iio_trigger_alloc may fail and return NULL. The fix returns
    ENOMEM when it fails.
    
    Signed-off-by: Kangjie Lu <kjlu@umn.edu>
    Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>

diff --git a/drivers/iio/adc/mxs-lradc-adc.c b/drivers/iio/adc/mxs-lradc-adc.c
index c627513d9f0f..5384472b6c4d 100644
--- a/drivers/iio/adc/mxs-lradc-adc.c
+++ b/drivers/iio/adc/mxs-lradc-adc.c
@@ -465,6 +465,8 @@ static int mxs_lradc_adc_trigger_init(struct iio_dev *iio)
 
 	trig = devm_iio_trigger_alloc(&iio->dev, "%s-dev%i", iio->name,
 				      iio->id);
+	if (!trig)
+		return -ENOMEM;
 
 	trig->dev.parent = adc->dev;
 	iio_trigger_set_drvdata(trig, iio);

commit f0d14edd2ba43b995bef4dd5da5ffe0ae19321a1
Author: Kangjie Lu <kjlu@umn.edu>
Date:   Fri Mar 15 02:29:43 2019 -0500

    PCI: rcar: Fix a potential NULL pointer dereference
    
    In case __get_free_pages() fails and returns NULL, fix the return
    value to -ENOMEM and release resources to avoid dereferencing a
    NULL pointer.
    
    Signed-off-by: Kangjie Lu <kjlu@umn.edu>
    Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
    Reviewed-by: Ulrich Hecht <uli+renesas@fpond.eu>
    Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
    Reviewed-by: Simon Horman <horms+renesas@verge.net.au>

diff --git a/drivers/pci/controller/pcie-rcar.c b/drivers/pci/controller/pcie-rcar.c
index a25527185bf1..0004b6457124 100644
--- a/drivers/pci/controller/pcie-rcar.c
+++ b/drivers/pci/controller/pcie-rcar.c
@@ -929,6 +929,10 @@ static int rcar_pcie_enable_msi(struct rcar_pcie *pcie)
 
 	/* setup MSI data target */
 	msi->pages = __get_free_pages(GFP_KERNEL, 0);
+	if (!msi->pages) {
+		err = -ENOMEM;
+		goto err;
+	}
 	base = virt_to_phys((void *)msi->pages);
 
 	rcar_pci_write_reg(pcie, lower_32_bits(base) | MSIFE, PCIEMSIALR);

commit 765976285a8c8db3f0eb7f033829a899d0c2786e
Author: Kangjie Lu <kjlu@umn.edu>
Date:   Tue Mar 12 02:56:33 2019 -0500

    rtlwifi: fix a potential NULL pointer dereference
    
    In case alloc_workqueue fails, the fix reports the error and
    returns to avoid NULL pointer dereference.
    
    Signed-off-by: Kangjie Lu <kjlu@umn.edu>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/realtek/rtlwifi/base.c b/drivers/net/wireless/realtek/rtlwifi/base.c
index 217d2a7a43c7..ac746c322554 100644
--- a/drivers/net/wireless/realtek/rtlwifi/base.c
+++ b/drivers/net/wireless/realtek/rtlwifi/base.c
@@ -448,6 +448,11 @@ static void _rtl_init_deferred_work(struct ieee80211_hw *hw)
 	/* <2> work queue */
 	rtlpriv->works.hw = hw;
 	rtlpriv->works.rtl_wq = alloc_workqueue("%s", 0, 0, rtlpriv->cfg->name);
+	if (unlikely(!rtlpriv->works.rtl_wq)) {
+		pr_err("Failed to allocate work queue\n");
+		return;
+	}
+
 	INIT_DELAYED_WORK(&rtlpriv->works.watchdog_wq,
 			  (void *)rtl_watchdog_wq_callback);
 	INIT_DELAYED_WORK(&rtlpriv->works.ips_nic_off_wq,

commit e5b9b206f3f6376b9a1406b67eafe4e7bb9f123c
Author: Kangjie Lu <kjlu@umn.edu>
Date:   Tue Mar 12 00:31:07 2019 -0500

    net: mwifiex: fix a NULL pointer dereference
    
    In case dev_alloc_skb fails, the fix returns -ENOMEM to avoid
    NULL pointer dereference.
    
    Signed-off-by: Kangjie Lu <kjlu@umn.edu>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/marvell/mwifiex/cmdevt.c b/drivers/net/wireless/marvell/mwifiex/cmdevt.c
index 60db2b969e20..8c35441fd9b7 100644
--- a/drivers/net/wireless/marvell/mwifiex/cmdevt.c
+++ b/drivers/net/wireless/marvell/mwifiex/cmdevt.c
@@ -341,6 +341,12 @@ static int mwifiex_dnld_sleep_confirm_cmd(struct mwifiex_adapter *adapter)
 		sleep_cfm_tmp =
 			dev_alloc_skb(sizeof(struct mwifiex_opt_sleep_confirm)
 				      + MWIFIEX_TYPE_LEN);
+		if (!sleep_cfm_tmp) {
+			mwifiex_dbg(adapter, ERROR,
+				    "SLEEP_CFM: dev_alloc_skb failed\n");
+			return -ENOMEM;
+		}
+
 		skb_put(sleep_cfm_tmp, sizeof(struct mwifiex_opt_sleep_confirm)
 			+ MWIFIEX_TYPE_LEN);
 		put_unaligned_le32(MWIFIEX_USB_TYPE_CMD, sleep_cfm_tmp->data);

commit 46953f97224d56a12ccbe9c6acaa84ca0dab2780
Author: Kangjie Lu <kjlu@umn.edu>
Date:   Fri Mar 15 12:04:32 2019 -0500

    brcmfmac: fix missing checks for kmemdup
    
    In case kmemdup fails, the fix sets conn_info->req_ie_len and
    conn_info->resp_ie_len to zero to avoid buffer overflows.
    
    Signed-off-by: Kangjie Lu <kjlu@umn.edu>
    Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index e92f6351bd22..8ee8af4e7ec4 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5464,6 +5464,8 @@ static s32 brcmf_get_assoc_ies(struct brcmf_cfg80211_info *cfg,
 		conn_info->req_ie =
 		    kmemdup(cfg->extra_buf, conn_info->req_ie_len,
 			    GFP_KERNEL);
+		if (!conn_info->req_ie)
+			conn_info->req_ie_len = 0;
 	} else {
 		conn_info->req_ie_len = 0;
 		conn_info->req_ie = NULL;
@@ -5480,6 +5482,8 @@ static s32 brcmf_get_assoc_ies(struct brcmf_cfg80211_info *cfg,
 		conn_info->resp_ie =
 		    kmemdup(cfg->extra_buf, conn_info->resp_ie_len,
 			    GFP_KERNEL);
+		if (!conn_info->resp_ie)
+			conn_info->resp_ie_len = 0;
 	} else {
 		conn_info->resp_ie_len = 0;
 		conn_info->resp_ie = NULL;

commit 3c77ff8f8bae4d328de662b26921bc4da1d293f1
Author: Kangjie Lu <kjlu@umn.edu>
Date:   Sun Mar 24 18:16:02 2019 -0500

    drm/v3d: fix a missing check of pm_runtime_get_sync
    
    pm_runtime_get_sync could fail and thus deserves a check.
    
    The patch adds such a check and return its error code upstream
    if it indeed failed.
    
    Signed-off-by: Kangjie Lu <kjlu@umn.edu>
    Signed-off-by: Eric Anholt <eric@anholt.net>
    Link: https://patchwork.freedesktop.org/patch/msgid/20190324231602.2436-1-kjlu@umn.edu
    Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>

diff --git a/drivers/gpu/drm/v3d/v3d_drv.c b/drivers/gpu/drm/v3d/v3d_drv.c
index d600628bb5c1..a06b05f714a5 100644
--- a/drivers/gpu/drm/v3d/v3d_drv.c
+++ b/drivers/gpu/drm/v3d/v3d_drv.c
@@ -102,6 +102,8 @@ static int v3d_get_param_ioctl(struct drm_device *dev, void *data,
 			return -EINVAL;
 
 		ret = pm_runtime_get_sync(v3d->dev);
+		if (ret < 0)
+			return ret;
 		if (args->param >= DRM_V3D_PARAM_V3D_CORE0_IDENT0 &&
 		    args->param <= DRM_V3D_PARAM_V3D_CORE0_IDENT2) {
 			args->value = V3D_CORE_READ(0, offset);

commit 1d84353d205a953e2381044953b7fa31c8c9702d
Author: Kangjie Lu <kjlu@umn.edu>
Date:   Mon Apr 1 17:46:58 2019 +0200

    video: imsttfb: fix potential NULL pointer dereferences
    
    In case ioremap fails, the fix releases resources and returns
    -ENOMEM to avoid NULL pointer dereferences.
    
    Signed-off-by: Kangjie Lu <kjlu@umn.edu>
    Cc: Aditya Pakki <pakki001@umn.edu>
    Cc: Finn Thain <fthain@telegraphics.com.au>
    Cc: Rob Herring <robh@kernel.org>
    Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    [b.zolnierkie: minor patch summary fixup]
    Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

diff --git a/drivers/video/fbdev/imsttfb.c b/drivers/video/fbdev/imsttfb.c
index 4b9615e4ce74..35bba3c2036d 100644
--- a/drivers/video/fbdev/imsttfb.c
+++ b/drivers/video/fbdev/imsttfb.c
@@ -1515,6 +1515,11 @@ static int imsttfb_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 	info->fix.smem_start = addr;
 	info->screen_base = (__u8 *)ioremap(addr, par->ramdac == IBM ?
 					    0x400000 : 0x800000);
+	if (!info->screen_base) {
+		release_mem_region(addr, size);
+		framebuffer_release(info);
+		return -ENOMEM;
+	}
 	info->fix.mmio_start = addr + 0x800000;
 	par->dc_regs = ioremap(addr + 0x800000, 0x1000);
 	par->cmap_regs_phys = addr + 0x840000;

commit ec7f6aad57ad29e4e66cc2e18e1e1599ddb02542
Author: Kangjie Lu <kjlu@umn.edu>
Date:   Mon Apr 1 17:46:58 2019 +0200

    video: hgafb: fix potential NULL pointer dereference
    
    When ioremap fails, hga_vram should not be dereferenced. The fix
    check the failure to avoid NULL pointer dereference.
    
    Signed-off-by: Kangjie Lu <kjlu@umn.edu>
    Cc: Aditya Pakki <pakki001@umn.edu>
    Cc: Ferenc Bakonyi <fero@drama.obuda.kando.hu>
    [b.zolnierkie: minor patch summary fixup]
    Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

diff --git a/drivers/video/fbdev/hgafb.c b/drivers/video/fbdev/hgafb.c
index 463028543173..59e1cae57948 100644
--- a/drivers/video/fbdev/hgafb.c
+++ b/drivers/video/fbdev/hgafb.c
@@ -285,6 +285,8 @@ static int hga_card_detect(void)
 	hga_vram_len  = 0x08000;
 
 	hga_vram = ioremap(0xb0000, hga_vram_len);
+	if (!hga_vram)
+		goto error;
 
 	if (request_region(0x3b0, 12, "hgafb"))
 		release_io_ports = 1;

commit 31fa6e2ae65feed0de10823c5d1eea21a93086c9
Author: Aditya Pakki <pakki001@umn.edu>
Date:   Mon Apr 1 17:46:57 2019 +0200

    omapfb: Fix potential NULL pointer dereference in kmalloc
    
    Memory allocated, using kmalloc, for new_compat may fail. This patch
    checks for such an error and prevents potential NULL pointer
    dereference.
    
    Signed-off-by: Aditya Pakki <pakki001@umn.edu>
    Cc: Kangjie Lu <kjlu@umn.edu>
    Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

diff --git a/drivers/video/fbdev/omap2/omapfb/dss/omapdss-boot-init.c b/drivers/video/fbdev/omap2/omapfb/dss/omapdss-boot-init.c
index cb6acbac9c47..5da7ed6d653e 100644
--- a/drivers/video/fbdev/omap2/omapfb/dss/omapdss-boot-init.c
+++ b/drivers/video/fbdev/omap2/omapfb/dss/omapdss-boot-init.c
@@ -111,6 +111,8 @@ static void __init omapdss_omapify_node(struct device_node *node)
 
 	new_len = prop->length + strlen(prefix) * num_strs;
 	new_compat = kmalloc(new_len, GFP_KERNEL);
+	if (!new_compat)
+		return;
 
 	omapdss_prefix_strcpy(new_compat, new_len, prop->value, prop->length);

commit 0aab8e4df4702b31314a27ec4b0631dfad0fae0a
Author: Kangjie Lu <kjlu@umn.edu>
Date:   Sat Mar 9 00:04:11 2019 -0600

    leds: pca9532: fix a potential NULL pointer dereference
    
    In case of_match_device cannot find a match, return -EINVAL to avoid
    NULL pointer dereference.
    
    Fixes: fa4191a609f2 ("leds: pca9532: Add device tree support")
    Signed-off-by: Kangjie Lu <kjlu@umn.edu>
    Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>

diff --git a/drivers/leds/leds-pca9532.c b/drivers/leds/leds-pca9532.c
index 7fea18b0c15d..7cb4d685a1f1 100644
--- a/drivers/leds/leds-pca9532.c
+++ b/drivers/leds/leds-pca9532.c
@@ -513,6 +513,7 @@ static int pca9532_probe(struct i2c_client *client,
 	const struct i2c_device_id *id)
 {
 	int devid;
+	const struct of_device_id *of_id;
 	struct pca9532_data *data = i2c_get_clientdata(client);
 	struct pca9532_platform_data *pca9532_pdata =
 			dev_get_platdata(&client->dev);
@@ -528,8 +529,11 @@ static int pca9532_probe(struct i2c_client *client,
 			dev_err(&client->dev, "no platform data\n");
 			return -EINVAL;
 		}
-		devid = (int)(uintptr_t)of_match_device(
-			of_pca9532_leds_match, &client->dev)->data;
+		of_id = of_match_device(of_pca9532_leds_match,
+				&client->dev);
+		if (unlikely(!of_id))
+			return -EINVAL;
+		devid = (int)(uintptr_t) of_id->data;
 	} else {
 		devid = id->driver_data;
 	}

<<Prev 1 2 3 4 5 6 7 8 9 10 11 12 13[14]15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 Next>>