Hi,

I found a few potential null-pointer dereferences in vortex_probe1() in
Linux 6.18.

IIn this function, gendev is checked at lines 1109 and 1173, which
indicates that it may be NULL. However, it is later passed directly to
dma_alloc_coherent() at line 1211:

  vp->rx_ring = dma_alloc_coherent(gendev, ...)

This can lead to some null-pointer dereferences. Here is an example
calling context:

  dma_alloc_coherent(gendev, ...)
    dma_alloc_attrs(dev, ...)
      get_dma_ops(dev);
          if (dev->dma_ops)   // dereferenced here
      WARN_ON_ONCE(!dev->coherent_dma_mask);  // dereferenced here

Similarly, pdev is checked by an if statement at line 1466, but is then
used unconditionally when freeing DMA memory at line 1476:

  dma_free_coherent(&pdev->dev, ...)

It looks like these issues stem from the call at line 987 used as a
workaround for the Compaq PCI BIOS32 problem:

vortex_eisa_init(void)
  /* Special code to work-around the Compaq PCI BIOS32 problem. */
  if (compaq_ioaddr) {
    vortex_probe1(NULL, ioport_map(compaq_ioaddr, VORTEX_TOTAL_SIZE),
      compaq_irq, compaq_device_id, vortex_cards_found++);
  }

This passes a NULL gendev into vortex_probe1().

I am not fully sure whether these paths are reachable in practice and how
to fix it. Any feedback would be appreciated.

Sincerely,
Tuo Li