From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1762528AbcALOGx (ORCPT <rfc822;w@1wt.eu>);
	Tue, 12 Jan 2016 09:06:53 -0500
Received: from vps0.lunn.ch ([178.209.37.122]:46306 "EHLO vps0.lunn.ch"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752900AbcALOGu (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 12 Jan 2016 09:06:50 -0500
Date: Tue, 12 Jan 2016 15:06:47 +0100
From: Andrew Lunn <andrew@lunn.ch>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] mdio_bus: NULL dereference on allocation error
Message-ID: <20160112140647.GA5527@lunn.ch>
References: <20160112093435.GD29804@mwanda>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20160112093435.GD29804@mwanda>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 12, 2016 at 12:34:36PM +0300, Dan Carpenter wrote:
> If bus = kzalloc() fails then we end up dereferencing bus when we do
> "bus->irq[i] = PHY_POLL;".  The code is a little simpler if we reverse
> the NULL check and return directly on failure.
> 
> Fixes: e7f4dc3536a4 ('mdio: Move allocation of interrupts into core')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Reviewed-by: Andrew Lunn <andrew@lunn.ch>

Thanks
	Andrew

> 
> diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
> index 0be7b3d..0cba64f 100644
> --- a/drivers/net/phy/mdio_bus.c
> +++ b/drivers/net/phy/mdio_bus.c
> @@ -102,11 +102,12 @@ struct mii_bus *mdiobus_alloc_size(size_t size)
>  		alloc_size = sizeof(*bus);
>  
>  	bus = kzalloc(alloc_size, GFP_KERNEL);
> -	if (bus) {
> -		bus->state = MDIOBUS_ALLOCATED;
> -		if (size)
> -			bus->priv = (void *)bus + aligned_size;
> -	}
> +	if (!bus)
> +		return NULL;
> +
> +	bus->state = MDIOBUS_ALLOCATED;
> +	if (size)
> +		bus->priv = (void *)bus + aligned_size;
>  
>  	/* Initialise the interrupts to polling */
>  	for (i = 0; i < PHY_MAX_ADDR; i++)

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Lunn <andrew@lunn.ch>
Date: Tue, 12 Jan 2016 14:06:47 +0000
Subject: Re: [patch] mdio_bus: NULL dereference on allocation error
Message-Id: <20160112140647.GA5527@lunn.ch>
List-Id: <kernel-janitors.vger.kernel.org>
References: <20160112093435.GD29804@mwanda>
In-Reply-To: <20160112093435.GD29804@mwanda>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org

On Tue, Jan 12, 2016 at 12:34:36PM +0300, Dan Carpenter wrote:
> If bus = kzalloc() fails then we end up dereferencing bus when we do
> "bus->irq[i] = PHY_POLL;".  The code is a little simpler if we reverse
> the NULL check and return directly on failure.
> 
> Fixes: e7f4dc3536a4 ('mdio: Move allocation of interrupts into core')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Reviewed-by: Andrew Lunn <andrew@lunn.ch>

Thanks
	Andrew

> 
> diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
> index 0be7b3d..0cba64f 100644
> --- a/drivers/net/phy/mdio_bus.c
> +++ b/drivers/net/phy/mdio_bus.c
> @@ -102,11 +102,12 @@ struct mii_bus *mdiobus_alloc_size(size_t size)
>  		alloc_size = sizeof(*bus);
>  
>  	bus = kzalloc(alloc_size, GFP_KERNEL);
> -	if (bus) {
> -		bus->state = MDIOBUS_ALLOCATED;
> -		if (size)
> -			bus->priv = (void *)bus + aligned_size;
> -	}
> +	if (!bus)
> +		return NULL;
> +
> +	bus->state = MDIOBUS_ALLOCATED;
> +	if (size)
> +		bus->priv = (void *)bus + aligned_size;
>  
>  	/* Initialise the interrupts to polling */
>  	for (i = 0; i < PHY_MAX_ADDR; i++)