[net-next] net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()

platform_get_resource() may fail and return NULL, so we should
better check it's return value to avoid a NULL pointer dereference
a bit later in the code.

This is detected by Coccinelle semantic patch.

@@
expression pdev, res, n, t, e, e1, e2;
@@

res = platform_get_resource(pdev, t, n);
+ if (!res)
+   return -EINVAL;
... when != res == NULL
e = devm_ioremap(e1, res->start, e2);

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
---
 drivers/net/phy/mdio-bcm-unimac.c | 2 ++
 1 file changed, 2 insertions(+)

From: Wei Yongjun <weiyongjun1@huawei.com>
Date: Thu, 11 Jan 2018 11:21:51 +0000

> platform_get_resource() may fail and return NULL, so we should
> better check it's return value to avoid a NULL pointer dereference
> a bit later in the code.
> 
> This is detected by Coccinelle semantic patch.
> 
> @@
> expression pdev, res, n, t, e, e1, e2;
> @@
> 
> res = platform_get_resource(pdev, t, n);
> + if (!res)
> +   return -EINVAL;
> ... when != res == NULL
> e = devm_ioremap(e1, res->start, e2);
> 
> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>

Applied, thank you.

> diff --git a/drivers/net/phy/mdio-bcm-unimac.c b/drivers/net/phy/mdio-bcm-unimac.c
> index 08e0647..8d37066 100644
> --- a/drivers/net/phy/mdio-bcm-unimac.c
> +++ b/drivers/net/phy/mdio-bcm-unimac.c
> @@ -205,6 +205,8 @@ static int unimac_mdio_probe(struct platform_device *pdev)
>  		return -ENOMEM;
>  
>  	r = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> +	if (!r)
> +		return -EINVAL;
>  
>  	/* Just ioremap, as this MDIO block is usually integrated into an
>  	 * Ethernet MAC controller register range
> 

I have to say, the devm_*() routines may make it easier to write drivers and probe
routines, but it makes patches much harder to review.

I couldn't figure out if you were leaking resources here without going into the
source file and looking at all of the relevant context.

Just though I'd make this meta-comment...

On 01/11/2018 10:57 AM, David Miller wrote:
> From: Wei Yongjun <weiyongjun1@huawei.com>
> Date: Thu, 11 Jan 2018 11:21:51 +0000
> 
>> platform_get_resource() may fail and return NULL, so we should
>> better check it's return value to avoid a NULL pointer dereference
>> a bit later in the code.
>>
>> This is detected by Coccinelle semantic patch.
>>
>> @@
>> expression pdev, res, n, t, e, e1, e2;
>> @@
>>
>> res = platform_get_resource(pdev, t, n);
>> + if (!res)
>> +   return -EINVAL;
>> ... when != res == NULL
>> e = devm_ioremap(e1, res->start, e2);
>>
>> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
> 
> Applied, thank you.

Sorry, being really lagging behind lately:

Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>

> 
>> diff --git a/drivers/net/phy/mdio-bcm-unimac.c b/drivers/net/phy/mdio-bcm-unimac.c
>> index 08e0647..8d37066 100644
>> --- a/drivers/net/phy/mdio-bcm-unimac.c
>> +++ b/drivers/net/phy/mdio-bcm-unimac.c
>> @@ -205,6 +205,8 @@ static int unimac_mdio_probe(struct platform_device *pdev)
>>  		return -ENOMEM;
>>  
>>  	r = platform_get_resource(pdev, IORESOURCE_MEM, 0);
>> +	if (!r)
>> +		return -EINVAL;
>>  
>>  	/* Just ioremap, as this MDIO block is usually integrated into an
>>  	 * Ethernet MAC controller register range
>>
> 
> I have to say, the devm_*() routines may make it easier to write drivers and probe
> routines, but it makes patches much harder to review.
> 
> I couldn't figure out if you were leaking resources here without going into the
> source file and looking at all of the relevant context.
> 
> Just though I'd make this meta-comment...

Agreed, what appears to be worse is that the kitchen sync routine like
devm_ioremap_resource() properly protects against NULL resource pointer
whereas simpler routines like devm_ioremap() do not because it usually
is called from a caller that did the check for us.

Thanks Wei!
--
Florian