Patch "net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices" has been added to the 5.15-stable tree

[Sasha Levin <sashal@xxxxxxxxxx>]

This is a note to let you know that I've just added the patch titled

    net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-phy-dp83822-fix-null-pointer-access-on-dp83825-d.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit e0556055f1997f97286b2e713a78027e9b69a0c1
Author: Andre Kalb <andre.kalb@xxxxxx>
Date:   Wed Jan 25 19:23:26 2023 +0100

    net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
    
    [ Upstream commit 422ae7d9c7221e8d4c8526d0f54106307d69d2dc ]
    
    The probe() function is only used for the DP83822 PHY, leaving the
    private data pointer uninitialized for the smaller DP83825/26 models.
    While all uses of the private data structure are hidden in 82822 specific
    callbacks, configuring the interrupt is shared across all models.
    This causes a NULL pointer dereference on the smaller PHYs as it accesses
    the private data unchecked. Verifying the pointer avoids that.
    
    Fixes: 5dc39fd5ef35 ("net: phy: DP83822: Add ability to advertise Fiber connection")
    Signed-off-by: Andre Kalb <andre.kalb@xxxxxx>
    Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/Y9FzniUhUtbaGKU7@pc6682
    Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/phy/dp83822.c b/drivers/net/phy/dp83822.c
index 0b511abb5422..f070aa97c77b 100644
--- a/drivers/net/phy/dp83822.c
+++ b/drivers/net/phy/dp83822.c
@@ -232,7 +232,8 @@ static int dp83822_config_intr(struct phy_device *phydev)
 				DP83822_ENERGY_DET_INT_EN |
 				DP83822_LINK_QUAL_INT_EN);
 
-		if (!dp83822->fx_enabled)
+		/* Private data pointer is NULL on DP83825/26 */
+		if (!dp83822 || !dp83822->fx_enabled)
 			misr_status |= DP83822_ANEG_COMPLETE_INT_EN |
 				       DP83822_DUP_MODE_CHANGE_INT_EN |
 				       DP83822_SPEED_CHANGED_INT_EN;
@@ -252,7 +253,8 @@ static int dp83822_config_intr(struct phy_device *phydev)
 				DP83822_PAGE_RX_INT_EN |
 				DP83822_EEE_ERROR_CHANGE_INT_EN);
 
-		if (!dp83822->fx_enabled)
+		/* Private data pointer is NULL on DP83825/26 */
+		if (!dp83822 || !dp83822->fx_enabled)
 			misr_status |= DP83822_ANEG_ERR_INT_EN |
 				       DP83822_WOL_PKT_INT_EN;