From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Tong Zhang <ztong0001@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 15/59] atm: idt77252: fix null-ptr-dereference
Date: Mon, 29 Mar 2021 09:57:55 +0200 [thread overview]
Message-ID: <20210329075609.389310234@linuxfoundation.org> (raw)
In-Reply-To: <20210329075608.898173317@linuxfoundation.org>
From: Tong Zhang <ztong0001@gmail.com>
[ Upstream commit 4416e98594dc04590ebc498fc4e530009535c511 ]
this one is similar to the phy_data allocation fix in uPD98402, the
driver allocate the idt77105_priv and store to dev_data but later
dereference using dev->dev_data, which will cause null-ptr-dereference.
fix this issue by changing dev_data to phy_data so that PRIV(dev) can
work correctly.
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/atm/idt77105.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/atm/idt77105.c b/drivers/atm/idt77105.c
index 082aa02abc57..be3ba90b76b9 100644
--- a/drivers/atm/idt77105.c
+++ b/drivers/atm/idt77105.c
@@ -261,7 +261,7 @@ static int idt77105_start(struct atm_dev *dev)
{
unsigned long flags;
- if (!(dev->dev_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL)))
+ if (!(dev->phy_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL)))
return -ENOMEM;
PRIV(dev)->dev = dev;
spin_lock_irqsave(&idt77105_priv_lock, flags);
@@ -338,7 +338,7 @@ static int idt77105_stop(struct atm_dev *dev)
else
idt77105_all = walk->next;
dev->phy = NULL;
- dev->dev_data = NULL;
+ dev->phy_data = NULL;
kfree(walk);
break;
}
--
2.30.1
next prev parent reply other threads:[~2021-03-29 8:24 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-29 7:57 [PATCH 4.14 00/59] 4.14.228-rc1 review Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 01/59] net: fec: ptp: avoid register access when ipg clock is disabled Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 02/59] powerpc/4xx: Fix build errors from mfdcr() Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 03/59] atm: eni: dont release is never initialized Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 04/59] atm: lanai: dont run lanai_dev_close if not open Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 05/59] Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 06/59] ixgbe: Fix memleak in ixgbe_configure_clsu32 Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 07/59] net: tehuti: fix error return code in bdx_probe() Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 08/59] sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 09/59] gpiolib: acpi: Add missing IRQF_ONESHOT Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 10/59] nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 11/59] NFS: Correct size calculation for create reply length Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 12/59] net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch() Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 13/59] net: wan: fix error return code of uhdlc_init() Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 14/59] atm: uPD98402: fix incorrect allocation Greg Kroah-Hartman
2021-03-29 7:57 ` Greg Kroah-Hartman [this message]
2021-03-29 7:57 ` [PATCH 4.14 16/59] sparc64: Fix opcode filtering in handling of no fault loads Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 17/59] u64_stats,lockdep: Fix u64_stats_init() vs lockdep Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 18/59] drm/radeon: fix AGP dependency Greg Kroah-Hartman
2021-03-29 7:57 ` [PATCH 4.14 19/59] nfs: we dont support removing system.nfs4_acl Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 20/59] ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 21/59] ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 22/59] squashfs: fix inode lookup sanity checks Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 23/59] squashfs: fix xattr id and id " Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 24/59] arm64: dts: ls1046a: mark crypto engine dma coherent Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 25/59] arm64: dts: ls1012a: " Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 26/59] arm64: dts: ls1043a: " Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 27/59] ARM: dts: at91-sama5d27_som1: fix phy address to 7 Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 28/59] dm ioctl: fix out of bounds array access when no devices Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 29/59] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 30/59] libbpf: Fix INSTALL flag order Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 31/59] macvlan: macvlan_count_rx() needs to be aware of preemption Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 32/59] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 33/59] e1000e: add rtnl_lock() to e1000_reset_task Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 34/59] e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 35/59] net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 36/59] ftgmac100: Restart MAC HW once Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 37/59] can: peak_usb: add forgotten supported devices Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 38/59] can: c_can_pci: c_can_pci_remove(): fix use-after-free Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 39/59] can: c_can: move runtime PM enable/disable to c_can_platform Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 40/59] can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 41/59] mac80211: fix rate mask reset Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 42/59] net: cdc-phonet: fix data-interface release on probe failure Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 43/59] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 44/59] drm/msm: fix shutdown hook in case GPU components failed to bind Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 45/59] arm64: kdump: update ppos when reading elfcorehdr Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 46/59] net/mlx5e: Fix error path for ethtool set-priv-flag Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 47/59] RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 48/59] ACPI: scan: Rearrange memory allocation in acpi_device_add() Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 49/59] ACPI: scan: Use unique number for instance_no Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 50/59] perf auxtrace: Fix auxtrace queue conflict Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 51/59] scsi: qedi: Fix error return code of qedi_alloc_global_queues() Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 52/59] scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 53/59] locking/mutex: Fix non debug version of mutex_lock_io_nested() Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 54/59] can: dev: Move device back to init netns on owning netns delete Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 55/59] net: sched: validate stab values Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 56/59] net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 57/59] mac80211: fix double free in ibss_leave Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 58/59] ext4: add reclaim checks to xattr code Greg Kroah-Hartman
2021-03-29 7:58 ` [PATCH 4.14 59/59] can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" Greg Kroah-Hartman
2021-03-29 21:33 ` [PATCH 4.14 00/59] 4.14.228-rc1 review Guenter Roeck
2021-03-30 6:53 ` Naresh Kamboju
2021-03-30 9:35 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210329075609.389310234@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=ztong0001@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.