| 123456789101112131415161718192021222324252627282930313233343536373839404142434445 |
- From 6a4aee277740d04ac0fd54cfa17cc28261932ddc Mon Sep 17 00:00:00 2001
- From: Christian Marangi <[email protected]>
- Date: Mon, 25 Mar 2024 20:06:19 +0100
- Subject: [PATCH] net: phy: qcom: at803x: fix kernel panic with at8031_probe
- On reworking and splitting the at803x driver, in splitting function of
- at803x PHYs it was added a NULL dereference bug where priv is referenced
- before it's actually allocated and then is tried to write to for the
- is_1000basex and is_fiber variables in the case of at8031, writing on
- the wrong address.
- Fix this by correctly setting priv local variable only after
- at803x_probe is called and actually allocates priv in the phydev struct.
- Reported-by: William Wortel <[email protected]>
- Cc: <[email protected]>
- Fixes: 25d2ba94005f ("net: phy: at803x: move specific at8031 probe mode check to dedicated probe")
- Signed-off-by: Christian Marangi <[email protected]>
- Reviewed-by: Andrew Lunn <[email protected]>
- Link: https://lore.kernel.org/r/[email protected]
- Signed-off-by: Paolo Abeni <[email protected]>
- ---
- drivers/net/phy/qcom/at803x.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
- --- a/drivers/net/phy/qcom/at803x.c
- +++ b/drivers/net/phy/qcom/at803x.c
- @@ -797,7 +797,7 @@ static int at8031_parse_dt(struct phy_de
-
- static int at8031_probe(struct phy_device *phydev)
- {
- - struct at803x_priv *priv = phydev->priv;
- + struct at803x_priv *priv;
- int mode_cfg;
- int ccr;
- int ret;
- @@ -806,6 +806,8 @@ static int at8031_probe(struct phy_devic
- if (ret)
- return ret;
-
- + priv = phydev->priv;
- +
- /* Only supported on AR8031/AR8033, the AR8030/AR8035 use strapping
- * options.
- */
|
