e100: Add a check after pci_pool_create to avoid null pointer dereference
authorJia-Ju Bai <baijiaju1990@163.com>
Mon, 3 Aug 2015 02:17:08 +0000 (10:17 +0800)
committerJeff Kirsher <jeffrey.t.kirsher@intel.com>
Tue, 18 Aug 2015 21:06:05 +0000 (14:06 -0700)
The driver lacks the check of nic->cbs_pool after pci_pool_create
in e100_probe. When this function is failed, a null pointer dereference
occurs when pci_pool_alloc uses nic->cbs_pool in e100_alloc_cbs.
This patch adds a check and related error handling code to fix it.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
drivers/net/ethernet/intel/e100.c

index d2657a412768839145b57c656a2349cb750a146a..767c161735e3c76aa90114ba3932c6d77654ed40 100644 (file)
@@ -2967,6 +2967,11 @@ static int e100_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
                           nic->params.cbs.max * sizeof(struct cb),
                           sizeof(u32),
                           0);
+       if (!nic->cbs_pool) {
+               netif_err(nic, probe, nic->netdev, "Cannot create DMA pool, aborting\n");
+               err = -ENOMEM;
+               goto err_out_pool;
+       }
        netif_info(nic, probe, nic->netdev,
                   "addr 0x%llx, irq %d, MAC addr %pM\n",
                   (unsigned long long)pci_resource_start(pdev, use_io ? 1 : 0),
@@ -2974,6 +2979,8 @@ static int e100_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 
        return 0;
 
+err_out_pool:
+       unregister_netdev(netdev);
 err_out_free:
        e100_free(nic);
 err_out_iounmap: