[PATCH 4.4 10/33] atm: idt77252: fix null-ptr-dereference

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Tong Zhang <ztong0001@gmail.com>,
	"David S. Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.4 10/33] atm: idt77252: fix null-ptr-dereference
Date: Mon, 29 Mar 2021 09:57:55 +0200	[thread overview]
Message-ID: <20210329075605.608064757@linuxfoundation.org> (raw)
In-Reply-To: <20210329075605.290845195@linuxfoundation.org>

From: Tong Zhang <ztong0001@gmail.com>

[ Upstream commit 4416e98594dc04590ebc498fc4e530009535c511 ]

this one is similar to the phy_data allocation fix in uPD98402, the
driver allocate the idt77105_priv and store to dev_data but later
dereference using dev->dev_data, which will cause null-ptr-dereference.

fix this issue by changing dev_data to phy_data so that PRIV(dev) can
work correctly.

Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/atm/idt77105.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/atm/idt77105.c b/drivers/atm/idt77105.c
index feb023d7eebd..40644670cff2 100644
--- a/drivers/atm/idt77105.c
+++ b/drivers/atm/idt77105.c
@@ -261,7 +261,7 @@ static int idt77105_start(struct atm_dev *dev)
 {
 	unsigned long flags;
 
-	if (!(dev->dev_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL)))
+	if (!(dev->phy_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL)))
 		return -ENOMEM;
 	PRIV(dev)->dev = dev;
 	spin_lock_irqsave(&idt77105_priv_lock, flags);
@@ -338,7 +338,7 @@ static int idt77105_stop(struct atm_dev *dev)
                 else
                     idt77105_all = walk->next;
 	        dev->phy = NULL;
-                dev->dev_data = NULL;
+                dev->phy_data = NULL;
                 kfree(walk);
                 break;
             }
-- 
2.30.1

next prev parent reply	other threads:[~2021-03-29  8:00 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-29  7:57 [PATCH 4.4 00/33] 4.4.264-rc1 review Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 01/33] net: fec: ptp: avoid register access when ipg clock is disabled Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 02/33] powerpc/4xx: Fix build errors from mfdcr() Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 03/33] atm: eni: dont release is never initialized Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 04/33] atm: lanai: dont run lanai_dev_close if not open Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 05/33] net: tehuti: fix error return code in bdx_probe() Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 06/33] sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 07/33] nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 08/33] NFS: Correct size calculation for create reply length Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 09/33] atm: uPD98402: fix incorrect allocation Greg Kroah-Hartman
2021-03-29  7:57 ` Greg Kroah-Hartman [this message]
2021-03-29  7:57 ` [PATCH 4.4 11/33] u64_stats,lockdep: Fix u64_stats_init() vs lockdep Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 12/33] nfs: we dont support removing system.nfs4_acl Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 13/33] ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls Greg Kroah-Hartman
2021-03-29  7:57 ` [PATCH 4.4 14/33] ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 15/33] x86/tlb: Flush global mappings when KAISER is disabled Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 16/33] squashfs: fix inode lookup sanity checks Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 17/33] squashfs: fix xattr id and id " Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 18/33] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 19/33] macvlan: macvlan_count_rx() needs to be aware of preemption Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 20/33] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 21/33] e1000e: add rtnl_lock() to e1000_reset_task Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 22/33] e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 23/33] net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 24/33] can: c_can_pci: c_can_pci_remove(): fix use-after-free Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 25/33] can: c_can: move runtime PM enable/disable to c_can_platform Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 26/33] can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 27/33] mac80211: fix rate mask reset Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 28/33] net: cdc-phonet: fix data-interface release on probe failure Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 29/33] RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 30/33] perf auxtrace: Fix auxtrace queue conflict Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 31/33] can: dev: Move device back to init netns on owning netns delete Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 32/33] net: sched: validate stab values Greg Kroah-Hartman
2021-03-29  7:58 ` [PATCH 4.4 33/33] mac80211: fix double free in ibss_leave Greg Kroah-Hartman
2021-03-29 10:18 ` [PATCH 4.4 00/33] 4.4.264-rc1 review Pavel Machek
2021-03-29 21:32 ` Guenter Roeck
2021-03-30  1:28 ` Shuah Khan
2021-03-30  7:28 ` Naresh Kamboju
2021-03-30  9:35 ` Jon Hunter

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:feb023d7eeb dfblob:40644670cff )
 OR (
bs:"[PATCH 4.4 10/33] atm: idt77252: fix null-ptr-dereference" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210329075605.608064757@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=davem@davemloft.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=ztong0001@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox