From e8e5752dc0a56a01527055b0c37510b1d6b6b861 Mon Sep 17 00:00:00 2001
From: Krzysztof Halasa <khc@pm.waw.pl>
Date: Wed, 17 Dec 2008 00:24:13 -0800
Subject: net: kernel BUG at drivers/net/phy/mdio_bus.c:165!

kernel BUG at drivers/net/phy/mdio_bus.c:165!
Unable to handle kernel NULL pointer dereference at virtual address 00000000

How?

mdiobus_alloc() sets bus->state = MDIOBUS_ALLOCATED.

mdiobus_register() sets bus->state = MDIOBUS_REGISTERED but then can
   fail (mdiobus_scan()) returning an error to the caller.

The caller aborts correctly with mdiobus_free() which does:
        if (bus->state == MDIOBUS_ALLOCATED) {
                kfree(bus);
                return;
        }

        BUG_ON(bus->state != MDIOBUS_UNREGISTERED);

Signed-off-by: Krzysztof Halasa <khc@pm.waw.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 drivers/net/phy/mdio_bus.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'drivers/net/phy/mdio_bus.c')

diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index 536bda1f428b..289fc267edf3 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -105,8 +105,6 @@ int mdiobus_register(struct mii_bus *bus)
 		return -EINVAL;
 	}
 
-	bus->state = MDIOBUS_REGISTERED;
-
 	mutex_init(&bus->mdio_lock);
 
 	if (bus->reset)
@@ -123,6 +121,9 @@ int mdiobus_register(struct mii_bus *bus)
 		}
 	}
 
+	if (!err)
+		bus->state = MDIOBUS_REGISTERED;
+
 	pr_info("%s: probed\n", bus->name);
 
 	return err;
-- 
cgit v1.2.3