Re: [PATCH] net: dsa: b53: Fix dereference of null dev
From: Vladimir Oltean
Date: Sat Jun 12 2021 - 11:05:28 EST
On Sat, Jun 12, 2021 at 03:44:07PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> Currently pointer priv is dereferencing dev before dev is being null
> checked so a potential null pointer dereference can occur. Fix this
> by only assigning and using priv if dev is not-null.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 16994374a6fc ("net: dsa: b53: Make SRAB driver manage port interrupts")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> ---
> drivers/net/dsa/b53/b53_srab.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/dsa/b53/b53_srab.c b/drivers/net/dsa/b53/b53_srab.c
> index aaa12d73784e..e77ac598f859 100644
> --- a/drivers/net/dsa/b53/b53_srab.c
> +++ b/drivers/net/dsa/b53/b53_srab.c
> @@ -629,11 +629,13 @@ static int b53_srab_probe(struct platform_device *pdev)
> static int b53_srab_remove(struct platform_device *pdev)
> {
> struct b53_device *dev = platform_get_drvdata(pdev);
> - struct b53_srab_priv *priv = dev->priv;
>
> - b53_srab_intr_set(priv, false);
> - if (dev)
> + if (dev) {
> + struct b53_srab_priv *priv = dev->priv;
> +
> + b53_srab_intr_set(priv, false);
> b53_switch_remove(dev);
> + }
>
> return 0;
> }
> --
> 2.31.1
>
I think the better question is how can "dev" be NULL in the first
place, since b53_srab_probe() does an unconditional platform_set_drvdata()
with what appears to be a non-NULL dev.