From: Jesper Juhl Date: Mon, 24 Jan 2011 20:14:33 +0000 (+0100) Subject: PCI: Avoid potential NULL pointer dereference in pci_scan_bridge X-Git-Tag: v2.6.39-rc1~416^2~13 X-Git-Url: https://openfabrics.org/gitweb/?a=commitdiff_plain;h=7c867c8899e873652ef98a890d2e647c092bec25;p=~shefty%2Frdma-dev.git PCI: Avoid potential NULL pointer dereference in pci_scan_bridge pci_add_new_bus() calls pci_alloc_child_bus() which calls pci_alloc_bus() that allocates memory dynamically with kzalloc(). The return value of kzalloc() is the pointer that's eventually returned from pci_add_new_bus(), so since kzalloc() can fail and return NULL so can pci_add_new_bus(). Thus we may end up dereferencing a NULL pointer in drivers/pci/probe.c::pci_scan_bridge(). Seems to me we should test for this and bail out if it happens rather than crashing. Also removed some trailing whitespace that bugged me while looking at this. Signed-off-by: Jesper Juhl Signed-off-by: Jesse Barnes --- diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index c84900da3c5..44cbbbaa499 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -764,6 +764,8 @@ int __devinit pci_scan_bridge(struct pci_bus *bus, struct pci_dev *dev, int max, if (pci_find_bus(pci_domain_nr(bus), max+1)) goto out; child = pci_add_new_bus(bus, dev, ++max); + if (!child) + goto out; buses = (buses & 0xff000000) | ((unsigned int)(child->primary) << 0) | ((unsigned int)(child->secondary) << 8) @@ -777,7 +779,7 @@ int __devinit pci_scan_bridge(struct pci_bus *bus, struct pci_dev *dev, int max, buses &= ~0xff000000; buses |= CARDBUS_LATENCY_TIMER << 24; } - + /* * We need to blast all three values with a single write. */
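Review bot: in the first hunk (@@ -764,6 +764,8 @@) the new `if (!child) goto out;` is reached after `++max` has already been applied inside `pci_add_new_bus(bus, dev, ++max)`, so the failure path arrives at `out` with max advanced to a bus number for which no bus was allocated. The `out` label is not visible in this hunk, so confirm what it does with max; if the value is returned or reused there, pass `max+1` to the call and increment only once child is known to be non-NULL. The bail-out is also silent: a one-line warning naming the bridge before the goto would make an allocation failure during the scan diagnosable instead of showing up later as missing devices.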
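Review bot: the whitespace-only change in the second hunk (@@ -777,7 +779,7 @@, the blank line above the "We need to blast all three values" comment) is unrelated to the NULL check and belongs in a separate cleanup patch. Keeping the fix to the two added lines in the first hunk makes it easier to backport and to bisect.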