parisc: led: Fix potential null-ptr-deref in start_task()

commit 41f563ab3c33698bdfc3403c7c2e6c94e73681e4 upstream.

start_task() calls create_singlethread_workqueue() and not checked the
ret value, which may return NULL. And a null-ptr-deref may happen:

start_task()
    create_singlethread_workqueue() # failed, led_wq is NULL
    queue_delayed_work()
        queue_delayed_work_on()
            __queue_delayed_work()  # warning here, but continue
                __queue_work()      # access wq->flags, null-ptr-deref

Check the ret value and return -ENOMEM if it is NULL.

Fixes: 3499495205a6 ("[PARISC] Use work queue in LED/LCD driver instead of tasklet.")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/parisc/led.c b/drivers/parisc/led.c
index 3a91e06926adf5d831e4fefb6f94b1595498a762..e800e83fa2255c02bd01a4533c4549fff8d4cc96 100644 (file)
--- a/drivers/parisc/led.c
+++ b/drivers/parisc/led.c
@@ -141,6 +141,9 @@ static int start_task(void)
 
        /* Create the work queue and queue the LED task */
        led_wq = create_singlethread_workqueue("led_wq");       
+       if (!led_wq)
+               return -ENOMEM;
+
        queue_delayed_work(led_wq, &led_task, 0);
 
        return 0;