net: phy: qcom: at803x: fix kernel panic with at8031_probe

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

On reworking and splitting the at803x driver, in splitting function of
at803x PHYs it was added a NULL dereference bug where priv is referenced
before it's actually allocated and then is tried to write to for the
is_1000basex and is_fiber variables in the case of at8031, writing on
the wrong address.

Fix this by correctly setting priv local variable only after
at803x_probe is called and actually allocates priv in the phydev struct.

Reported-by: William Wortel <wwortel@dorpstraat.com>
Cc: <stable@vger.kernel.org>
Fixes: 25d2ba94005f ("net: phy: at803x: move specific at8031 probe mode check to dedicated probe")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20240325190621.2665-1-ansuelsmth@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

authored by

Christian Marangi and committed by

Paolo Abeni 2 years ago 6a4aee27 005e528c

+3 -1

1 changed file

expand all

drivers

net

phy

qcom

at803x.c

+3 -1

drivers/net/phy/qcom/at803x.c

··· 797 797 798 798 static int at8031_probe(struct phy_device *phydev) 799 799 { 800 - struct at803x_priv *priv = phydev->priv; 800 + struct at803x_priv *priv; 801 801 int mode_cfg; 802 802 int ccr; 803 803 int ret; ··· 805 805 ret = at803x_probe(phydev); 806 806 if (ret) 807 807 return ret; 808 + 809 + priv = phydev->priv; 808 810 809 811 /* Only supported on AR8031/AR8033, the AR8030/AR8035 use strapping 810 812 * options.