9b9ce2a3cd01eb04dd96194df4442d6be8f1dc0e
[openwrt/staging/pepe2k.git] /
1 From 6a4aee277740d04ac0fd54cfa17cc28261932ddc Mon Sep 17 00:00:00 2001
2 From: Christian Marangi <ansuelsmth@gmail.com>
3 Date: Mon, 25 Mar 2024 20:06:19 +0100
4 Subject: [PATCH] net: phy: qcom: at803x: fix kernel panic with at8031_probe
5
6 On reworking and splitting the at803x driver, in splitting function of
7 at803x PHYs it was added a NULL dereference bug where priv is referenced
8 before it's actually allocated and then is tried to write to for the
9 is_1000basex and is_fiber variables in the case of at8031, writing on
10 the wrong address.
11
12 Fix this by correctly setting priv local variable only after
13 at803x_probe is called and actually allocates priv in the phydev struct.
14
15 Reported-by: William Wortel <wwortel@dorpstraat.com>
16 Cc: <stable@vger.kernel.org>
17 Fixes: 25d2ba94005f ("net: phy: at803x: move specific at8031 probe mode check to dedicated probe")
18 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
19 Reviewed-by: Andrew Lunn <andrew@lunn.ch>
20 Link: https://lore.kernel.org/r/20240325190621.2665-1-ansuelsmth@gmail.com
21 Signed-off-by: Paolo Abeni <pabeni@redhat.com>
22 ---
23 drivers/net/phy/qcom/at803x.c | 4 +++-
24 1 file changed, 3 insertions(+), 1 deletion(-)
25
26 --- a/drivers/net/phy/qcom/at803x.c
27 +++ b/drivers/net/phy/qcom/at803x.c
28 @@ -797,7 +797,7 @@ static int at8031_parse_dt(struct phy_de
29
30 static int at8031_probe(struct phy_device *phydev)
31 {
32 - struct at803x_priv *priv = phydev->priv;
33 + struct at803x_priv *priv;
34 int mode_cfg;
35 int ccr;
36 int ret;
37 @@ -806,6 +806,8 @@ static int at8031_probe(struct phy_devic
38 if (ret)
39 return ret;
40
41 + priv = phydev->priv;
42 +
43 /* Only supported on AR8031/AR8033, the AR8030/AR8035 use strapping
44 * options.
45 */