power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe()

[ Upstream commit 97f2b4ddb0aa700d673691a7d5e44d226d22bab7 ]

cw_bat_probe() calls create_singlethread_workqueue() and not checked the
ret value, which may return NULL. And a null-ptr-deref may happen:

cw_bat_probe()
    create_singlethread_workqueue() # failed, cw_bat->wq is NULL
    queue_delayed_work()
        queue_delayed_work_on()
            __queue_delayed_work()  # warning here, but continue
                __queue_work()      # access wq->flags, null-ptr-deref

Check the ret value and return -ENOMEM if it is NULL.

Fixes: b4c7715c10c1 ("power: supply: add CellWise cw2015 fuel gauge driver")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/power/supply/cw2015_battery.c b/drivers/power/supply/cw2015_battery.c
index 6d52641..473522b 100644 (file)
--- a/drivers/power/supply/cw2015_battery.c
+++ b/drivers/power/supply/cw2015_battery.c
@@ -699,6 +699,9 @@ static int cw_bat_probe(struct i2c_client *client)
        }
 
        cw_bat->battery_workqueue = create_singlethread_workqueue("rk_battery");
+       if (!cw_bat->battery_workqueue)
+               return -ENOMEM;
+
        devm_delayed_work_autocancel(&client->dev,
                                                          &cw_bat->battery_delay_work, cw_bat_work);
        queue_delayed_work(cw_bat->battery_workqueue,