Re: [PATCH v2 7/9] net: stmmac: dwmac-sun8i: fix OF child-node lookup

From: Corentin Labbe
Date: Thu Sep 06 2018 - 16:03:45 EST

Next message: Reinette Chatre: "Re: [PATCH V2 5/6] x86/intel_rdt: Use perf infrastructure for measurements"
Previous message: Nadav Amit: "Re: [PATCH v2 1/6] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()""
Next in thread: Johan Hovold: "Re: [PATCH v2 7/9] net: stmmac: dwmac-sun8i: fix OF child-node lookup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 27, 2018 at 10:21:51AM +0200, Johan Hovold wrote:
> Use the new of_get_compatible_child() helper to lookup the mdio-internal
> child node instead of using of_find_compatible_node(), which searches
> the entire tree from a given start node and thus can return an unrelated
> (i.e. non-child) node.
>
> This also addresses a potential use-after-free (e.g. after probe
> deferral) as the tree-wide helper drops a reference to its first
> argument (i.e. the mdio-mux node). Fortunately, this was inadvertently
> balanced by a failure to drop the mdio-mux reference after lookup.
>
> While at it, also fix the related mdio-internal- and phy-node reference
> leaks.
>
> Fixes: 634db83b8265 ("net: stmmac: dwmac-sun8i: Handle integrated/external MDIOs")
> Cc: Corentin Labbe <clabbe.montjoie@xxxxxxxxx>
> Cc: Andrew Lunn <andrew@xxxxxxx>
> Cc: Giuseppe Cavallaro <peppe.cavallaro@xxxxxx>
> Cc: Alexandre Torgue <alexandre.torgue@xxxxxx>
> Cc: Jose Abreu <joabreu@xxxxxxxxxxxx>
> Cc: David S. Miller <davem@xxxxxxxxxxxxx>
> Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
> ---
> drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
> index f9a61f90cfbc..0f660af01a4b 100644
> --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
> +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
> @@ -714,8 +714,9 @@ static int get_ephy_nodes(struct stmmac_priv *priv)
> return -ENODEV;
> }
>
> - mdio_internal = of_find_compatible_node(mdio_mux, NULL,
> + mdio_internal = of_get_compatible_child(mdio_mux,
> "allwinner,sun8i-h3-mdio-internal");
> + of_node_put(mdio_mux);
> if (!mdio_internal) {
> dev_err(priv->device, "Cannot get internal_mdio node\n");
> return -ENODEV;
> @@ -729,13 +730,20 @@ static int get_ephy_nodes(struct stmmac_priv *priv)
> gmac->rst_ephy = of_reset_control_get_exclusive(iphynode, NULL);
> if (IS_ERR(gmac->rst_ephy)) {
> ret = PTR_ERR(gmac->rst_ephy);
> - if (ret == -EPROBE_DEFER)
> + if (ret == -EPROBE_DEFER) {
> + of_node_put(iphynode);
> + of_node_put(mdio_internal);
> return ret;
> + }
> continue;
> }
> dev_info(priv->device, "Found internal PHY node\n");
> + of_node_put(iphynode);
> + of_node_put(mdio_internal);
> return 0;
> }
> +
> + of_node_put(mdio_internal);
> return -ENODEV;
> }
>
> --
> 2.18.0
>

Sorry for the delay
Tested-by: Corentin Labbe <clabbe.montjoie@xxxxxxxxx>

Next message: Reinette Chatre: "Re: [PATCH V2 5/6] x86/intel_rdt: Use perf infrastructure for measurements"
Previous message: Nadav Amit: "Re: [PATCH v2 1/6] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()""
Next in thread: Johan Hovold: "Re: [PATCH v2 7/9] net: stmmac: dwmac-sun8i: fix OF child-node lookup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]