2020-09-27 14:01:16

by Ioana Ciornei

[permalink] [raw]
Subject: Re: [PATCH] dpaa2-mac: Fix potential null pointer dereference

On Sun, Sep 27, 2020 at 02:31:20PM +0100, Alex Dewar wrote:
> In dpaa2_pcs_destroy, variable pcs is dereference before it is
> null-checked. Fix this.
>
> Addresses-Coverity: CID 1497159: Null pointer dereferences (REVERSE_INULL)
> Signed-off-by: Alex Dewar <[email protected]>
> ---
> drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
> index 6ff64dd1cf27..09bf4fec1172 100644
> --- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
> +++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
> @@ -291,11 +291,10 @@ static int dpaa2_pcs_create(struct dpaa2_mac *mac,
> static void dpaa2_pcs_destroy(struct dpaa2_mac *mac)
> {
> struct lynx_pcs *pcs = mac->pcs;
> - struct device *dev = &pcs->mdio->dev;
>
> if (pcs) {
> lynx_pcs_destroy(pcs);
> - put_device(dev);
> + put_device(&pcs->mdio->dev);
> mac->pcs = NULL;
> }
> }

This would introduce another problem because you would access an already
freed pcs. Maybe just move the declaration and initialization of dev
inside the if statement.

Thanks, Ioana