* [PATCH] net: dsa: avoid null pointer dereference on p->phy
@ 2017-09-23 16:57 Colin King
2017-09-23 17:13 ` Joe Perches
2017-09-23 17:21 ` Florian Fainelli
0 siblings, 2 replies; 3+ messages in thread
From: Colin King @ 2017-09-23 16:57 UTC (permalink / raw)
To: Andrew Lunn, Vivien Didelot, Florian Fainelli, David S . Miller,
netdev
Cc: kernel-janitors, linux-kernel
From: Colin Ian King <colin.king@canonical.com>

Currently p->phy is being null checked in several places to avoid
null pointer dereferences on p->phy, however, the final call
to phy_attached_info on p->phy when p->phy will perform a null
pointer dereference. Fix this by simply moving the call into
the previous code block that is only executed if p->phy is
not null.

Detected by CoverityScan, CID#1457034 ("Dereference after null check")

Fixes: 2220943a21e2 ("phy: Centralise print about attached phy")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
net/dsa/slave.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/dsa/slave.c b/net/dsa/slave.c
index 02ace7d462c4..29ab4e98639b 100644
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -1115,10 +1115,9 @@ static int dsa_slave_phy_setup(struct net_device *slave_dev)
of_phy_deregister_fixed_link(port_dn);
return ret;
}
+ phy_attached_info(p->phy);
}
- phy_attached_info(p->phy);
-
return 0;
}
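Review bot: At the added phy_attached_info(p->phy) line, the enclosing block's condition is outside this hunk's context, and it appears to contradict the commit message's claim that the block runs only when p->phy is not null: Joe Perches's reply in this thread quotes the enclosing test as "if (!p->phy) {". If that is the condition, the call now runs only on the path that entered with p->phy NULL and got past the "return ret;" error exit, and a port whose PHY was already attached before the block no longer gets the attached-PHY print, a behaviour change the commit message does not mention. Leaving the call after the block and guarding it there, for example "if (p->phy) phy_attached_info(p->phy);", would answer the Coverity report without dropping the print for that case. The commit message should also say which path can reach the call with p->phy still NULL, since nothing in the hunk shows one.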
--
2.14.1
* Re: [PATCH] net: dsa: avoid null pointer dereference on p->phy
From: Joe Perches @ 2017-09-23 17:13 UTC (permalink / raw)
To: Colin King, Andrew Lunn, Vivien Didelot, Florian Fainelli,
David S . Miller, netdev
Cc: kernel-janitors, linux-kernel
On Sat, 2017-09-23 at 17:57 +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Currently p->phy is being null checked in several places to avoid
> null pointer dereferences on p->phy, however, the final call
> to phy_attached_info on p->phy when p->phy will perform a null
> pointer dereference. Fix this by simply moving the call into
> the previous code block that is only executed if p->phy is
> not null.
>
> Detected by CoverityScan, CID#1457034 ("Dereference after null check")
>
> Fixes: 2220943a21e2 ("phy: Centralise print about attached phy")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> net/dsa/slave.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/net/dsa/slave.c b/net/dsa/slave.c
> index 02ace7d462c4..29ab4e98639b 100644
> --- a/net/dsa/slave.c
> +++ b/net/dsa/slave.c
> @@ -1115,10 +1115,9 @@ static int dsa_slave_phy_setup(struct net_device *slave_dev)
> of_phy_deregister_fixed_link(port_dn);
> return ret;
> }
> + phy_attached_info(p->phy);
> }
>
> - phy_attached_info(p->phy);
> -
> return 0;
> }
Huh? Why move this into the test?

The test of the block above this change is

	if (!p->phy) {

Perhaps this should be

	if (p->phy)
		phy_attached_info(p->phy);

or simpler

	} else {
		phy_attached_info(p->phy);
	}

or maybe reverse the block

	if (p->phy) {
		phy_attached_info(p->phy);
	} else {
		ret = dsa_slave_phy_connect(slave_dev, p->dp->index);
		if (ret) {
			netdev_err(slave_dev, "failed to connect to port %d: %d\n",
				   p->dp->index, ret);
			if (phy_is_fixed)
				of_phy_deregister_fixed_link(port_dn);
			return ret;
		}
	}

	return 0;
}
* Re: [PATCH] net: dsa: avoid null pointer dereference on p->phy
From: Florian Fainelli @ 2017-09-23 17:21 UTC (permalink / raw)
To: Colin King, Andrew Lunn, Vivien Didelot, David S . Miller, netdev
Cc: kernel-janitors, linux-kernel
On 09/23/2017 09:57 AM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Currently p->phy is being null checked in several places to avoid
> null pointer dereferences on p->phy, however, the final call
> to phy_attached_info on p->phy when p->phy will perform a null
> pointer dereference. Fix this by simply moving the call into
> the previous code block that is only executed if p->phy is
> not null.
>
> Detected by CoverityScan, CID#1457034 ("Dereference after null check")
The code flow is not exactly easy to read, but I don't see how we can
actually wind up in that situation because we check the return values of
of_phy_connect() and dsa_slave_phy_connect() earlier on.
>
> Fixes: 2220943a21e2 ("phy: Centralise print about attached phy")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> net/dsa/slave.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/net/dsa/slave.c b/net/dsa/slave.c
> index 02ace7d462c4..29ab4e98639b 100644
> --- a/net/dsa/slave.c
> +++ b/net/dsa/slave.c
> @@ -1115,10 +1115,9 @@ static int dsa_slave_phy_setup(struct net_device *slave_dev)
> of_phy_deregister_fixed_link(port_dn);
> return ret;
> }
> + phy_attached_info(p->phy);
> }
>
> - phy_attached_info(p->phy);
> -
> return 0;
> }
>
>
--
Florian