PCI: pciehp: Prevent NULL dereference during probe
authorAndreas Noever <andreas.noever@gmail.com>
Tue, 16 Sep 2014 21:16:02 +0000 (15:16 -0600)
committerBjorn Helgaas <bhelgaas@google.com>
Tue, 16 Sep 2014 21:16:02 +0000 (15:16 -0600)
pciehp assumes that dev->subordinate, the struct pci_bus for a bridge's
secondary bus, exists.  But we do not create that bus if we run out of bus
numbers during enumeration.  This leads to a NULL dereference in
init_slot() (and other places).

Change pciehp_probe() to return -ENODEV when no secondary bus is present.

Signed-off-by: Andreas Noever <andreas.noever@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
CC: stable@vger.kernel.org # v3.2+
drivers/pci/hotplug/pciehp_core.c

index 07aa722bb12cd61a6a3a8767b2efe1dd826e6952..3a5e7e28b8740307efd8eb2aa5e69c9717cd0e81 100644 (file)
@@ -262,6 +262,13 @@ static int pciehp_probe(struct pcie_device *dev)
                goto err_out_none;
        }
 
+       if (!dev->port->subordinate) {
+               /* Can happen if we run out of bus numbers during probe */
+               dev_err(&dev->device,
+                       "Hotplug bridge without secondary bus, ignoring\n");
+               goto err_out_none;
+       }
+
        ctrl = pcie_init(dev);
        if (!ctrl) {
                dev_err(&dev->device, "Controller initialization failed\n");