From db9107b4972bbcb81ee6bc12f365dbe8684b137c Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Tue, 12 Jan 2016 12:34:36 +0300 Subject: [PATCH] mdio_bus: NULL dereference on allocation error If bus = kzalloc() fails then we end up dereferencing bus when we do "bus->irq[i] = PHY_POLL;". The code is a little simpler if we reverse the NULL check and return directly on failure. Fixes: e7f4dc3536a4 ('mdio: Move allocation of interrupts into core') Signed-off-by: Dan Carpenter Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller --- drivers/net/phy/mdio_bus.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c index 0be7b3d65f0f..0cba64f1ecf4 100644 --- a/drivers/net/phy/mdio_bus.c +++ b/drivers/net/phy/mdio_bus.c @@ -102,11 +102,12 @@ struct mii_bus *mdiobus_alloc_size(size_t size) alloc_size = sizeof(*bus); bus = kzalloc(alloc_size, GFP_KERNEL); - if (bus) { - bus->state = MDIOBUS_ALLOCATED; - if (size) - bus->priv = (void *)bus + aligned_size; - } + if (!bus) + return NULL; + + bus->state = MDIOBUS_ALLOCATED; + if (size) + bus->priv = (void *)bus + aligned_size; /* Initialise the interrupts to polling */ for (i = 0; i < PHY_MAX_ADDR; i++) -- 2.20.1