[PATCH 3.2 099/140] cfg80211: check dev_set_name() return value
From: Ben Hutchings
Date: Wed Feb 28 2018 - 12:36:15 EST
3.2.100-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@xxxxxxxxx>
commit 59b179b48ce2a6076448a44531242ac2b3f6cef2 upstream.
syzbot reported a warning from rfkill_alloc(), and after a while
I think that the reason is that it was doing fault injection and
the dev_set_name() failed, leaving the name NULL, and we didn't
check the return value and got to rfkill_alloc() with a NULL name.
Since we really don't want a NULL name, we ought to check the
return value.
Fixes: fb28ad35906a ("net: struct device - replace bus_id with dev_name(), dev_set_name()")
Reported-by: syzbot+1ddfb3357e1d7bb5b5d3@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -329,6 +329,7 @@ struct wiphy *wiphy_new(const struct cfg
struct cfg80211_registered_device *rdev;
int alloc_size;
+ int rv;
WARN_ON(ops->add_key && (!ops->del_key || !ops->set_default_key));
WARN_ON(ops->auth && (!ops->assoc || !ops->deauth || !ops->disassoc));
@@ -362,7 +363,11 @@ struct wiphy *wiphy_new(const struct cfg
mutex_unlock(&cfg80211_mutex);
/* give it a proper name */
- dev_set_name(&rdev->wiphy.dev, PHY_NAME "%d", rdev->wiphy_idx);
+ rv = dev_set_name(&rdev->wiphy.dev, PHY_NAME "%d", rdev->wiphy_idx);
+ if (rv < 0) {
+ kfree(rdev);
+ return NULL;
+ }
mutex_init(&rdev->mtx);
mutex_init(&rdev->devlist_mtx);