From 99796d5a3c56f08b4a3a37e7e3f0cb42b19a506f Mon Sep 17 00:00:00 2001 From: Christoph Fritz Date: Fri, 28 May 2010 10:45:59 +0200 Subject: ssb: fix NULL ptr deref when pcihost_wrapper is used commit da1fdb02d9200ff28b6f3a380d21930335fe5429 upstream. Ethernet driver b44 does register ssb by it's pcihost_wrapper and doesn't set ssb_chipcommon. A check on this value introduced with commit d53cdbb94a52a920d5420ed64d986c3523a56743 and ea2db495f92ad2cf3301623e60cb95b4062bc484 triggers: BUG: unable to handle kernel NULL pointer dereference at 00000010 IP: [] ssb_is_sprom_available+0x16/0x30 Signed-off-by: Christoph Fritz Signed-off-by: John W. Linville Cc: Larry Finger Cc: Ben Hutchings Signed-off-by: Greg Kroah-Hartman --- drivers/ssb/pci.c | 9 ++++++--- drivers/ssb/sprom.c | 1 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/ssb/pci.c b/drivers/ssb/pci.c index 5bb1278759c1..243db85dbdb8 100644 --- a/drivers/ssb/pci.c +++ b/drivers/ssb/pci.c @@ -624,9 +624,12 @@ static int ssb_pci_sprom_get(struct ssb_bus *bus, ssb_printk(KERN_ERR PFX "No SPROM available!\n"); return -ENODEV; } - - bus->sprom_offset = (bus->chipco.dev->id.revision < 31) ? - SSB_SPROM_BASE1 : SSB_SPROM_BASE31; + if (bus->chipco.dev) { /* can be unavailible! */ + bus->sprom_offset = (bus->chipco.dev->id.revision < 31) ? + SSB_SPROM_BASE1 : SSB_SPROM_BASE31; + } else { + bus->sprom_offset = SSB_SPROM_BASE1; + } buf = kcalloc(SSB_SPROMSIZE_WORDS_R123, sizeof(u16), GFP_KERNEL); if (!buf) diff --git a/drivers/ssb/sprom.c b/drivers/ssb/sprom.c index 042c643957d7..5f7154d9d04e 100644 --- a/drivers/ssb/sprom.c +++ b/drivers/ssb/sprom.c @@ -188,6 +188,7 @@ bool ssb_is_sprom_available(struct ssb_bus *bus) /* this routine differs from specs as we do not access SPROM directly on PCMCIA */ if (bus->bustype == SSB_BUSTYPE_PCI && + bus->chipco.dev && /* can be unavailible! */ bus->chipco.dev->id.revision >= 31) return bus->chipco.capabilities & SSB_CHIPCO_CAP_SPROM; -- cgit v1.2.3