| Message ID | 20240325190621.2665-1-ansuelsmth@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 6a4aee277740d04ac0fd54cfa17cc28261932ddc |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net] net: phy: qcom: at803x: fix kernel panic with at8031_probe | expand |
On Mon, Mar 25, 2024 at 08:06:19PM +0100, Christian Marangi wrote: > On reworking and splitting the at803x driver, in splitting function of > at803x PHYs it was added a NULL dereference bug where priv is referenced > before it's actually allocated and then is tried to write to for the > is_1000basex and is_fiber variables in the case of at8031, writing on > the wrong address. > > Fix this by correctly setting priv local variable only after > at803x_probe is called and actually allocates priv in the phydev struct. > > Reported-by: William Wortel <wwortel@dorpstraat.com> > Cc: <stable@vger.kernel.org> > Fixes: 25d2ba94005f ("net: phy: at803x: move specific at8031 probe mode check to dedicated probe") > Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Andrew
Hello: This patch was applied to netdev/net.git (main) by Paolo Abeni <pabeni@redhat.com>: On Mon, 25 Mar 2024 20:06:19 +0100 you wrote: > On reworking and splitting the at803x driver, in splitting function of > at803x PHYs it was added a NULL dereference bug where priv is referenced > before it's actually allocated and then is tried to write to for the > is_1000basex and is_fiber variables in the case of at8031, writing on > the wrong address. > > Fix this by correctly setting priv local variable only after > at803x_probe is called and actually allocates priv in the phydev struct. > > [...] Here is the summary with links: - [net] net: phy: qcom: at803x: fix kernel panic with at8031_probe https://git.kernel.org/netdev/net/c/6a4aee277740 You are awesome, thank you!
diff --git a/drivers/net/phy/qcom/at803x.c b/drivers/net/phy/qcom/at803x.c index 4717c59d51d0..e79657f76bea 100644 --- a/drivers/net/phy/qcom/at803x.c +++ b/drivers/net/phy/qcom/at803x.c @@ -797,7 +797,7 @@ static int at8031_parse_dt(struct phy_device *phydev) static int at8031_probe(struct phy_device *phydev) { - struct at803x_priv *priv = phydev->priv; + struct at803x_priv *priv; int mode_cfg; int ccr; int ret; @@ -806,6 +806,8 @@ static int at8031_probe(struct phy_device *phydev) if (ret) return ret; + priv = phydev->priv; + /* Only supported on AR8031/AR8033, the AR8030/AR8035 use strapping * options. */
On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually allocated and then is tried to write to for the is_1000basex and is_fiber variables in the case of at8031, writing on the wrong address. Fix this by correctly setting priv local variable only after at803x_probe is called and actually allocates priv in the phydev struct. Reported-by: William Wortel <wwortel@dorpstraat.com> Cc: <stable@vger.kernel.org> Fixes: 25d2ba94005f ("net: phy: at803x: move specific at8031 probe mode check to dedicated probe") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> --- drivers/net/phy/qcom/at803x.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)