From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Yanfei Xu <yanfei.xu@windriver.com>,
Pavel Skripkin <paskripkin@gmail.com>,
Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 4.4 09/17] Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Date: Mon, 1 Nov 2021 10:17:12 +0100 [thread overview]
Message-ID: <20211101082442.644515254@linuxfoundation.org> (raw)
In-Reply-To: <20211101082440.664392327@linuxfoundation.org>
From: Pavel Skripkin <paskripkin@gmail.com>
commit 10eff1f5788b6ffac212c254e2f3666219576889 upstream.
This reverts commit ab609f25d19858513919369ff3d9a63c02cd9e2e.
This patch is correct in the sense that we _should_ call device_put() in
case of device_register() failure, but the problem in this code is more
vast.
We need to set bus->state to UNMDIOBUS_REGISTERED before calling
device_register() to correctly release the device in mdiobus_free().
This patch prevents us from doing it, since in case of device_register()
failure put_device() will be called 2 times and it will cause UAF or
something else.
Also, Reported-by: tag in revered commit was wrong, since syzbot
reported different leak in same function.
Link: https://lore.kernel.org/netdev/20210928092657.GI2048@kadam/
Acked-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Link: https://lore.kernel.org/r/f12fb1faa4eccf0f355788225335eb4309ff2599.1633024062.git.paskripkin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/mdio_bus.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -274,7 +274,6 @@ int __mdiobus_register(struct mii_bus *b
err = device_register(&bus->dev);
if (err) {
pr_err("mii_bus %s failed to register\n", bus->id);
- put_device(&bus->dev);
return -EINVAL;
}
next prev parent reply other threads:[~2021-11-01 9:20 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-01 9:17 [PATCH 4.4 00/17] 4.4.291-rc1 review Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 01/17] ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 02/17] ARM: 9134/1: remove duplicate memcpy() definition Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 03/17] ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 04/17] ARM: 8819/1: Remove -p from LDFLAGS Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 05/17] usbnet: sanity check for maxpacket Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 06/17] usbnet: fix error return code in usbnet_probe() Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 07/17] ata: sata_mv: Fix the error handling of mv_chip_id() Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 08/17] nfc: port100: fix using -ERRNO as command type mask Greg Kroah-Hartman
2021-11-01 9:17 ` Greg Kroah-Hartman [this message]
2021-11-01 9:17 ` [PATCH 4.4 10/17] mmc: vub300: fix control-message timeouts Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 11/17] mmc: dw_mmc: exynos: fix the finding clock sample value Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 12/17] mmc: sdhci: Map more voltage level to SDHCI_POWER_330 Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 13/17] net: lan78xx: fix division by zero in send path Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 14/17] regmap: Fix possible double-free in regcache_rbtree_exit() Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 15/17] nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 16/17] sctp: use init_tag from inithdr for ABORT chunk Greg Kroah-Hartman
2021-11-01 9:17 ` [PATCH 4.4 17/17] sctp: add vtag check in sctp_sf_violation Greg Kroah-Hartman
2021-11-01 21:23 ` [PATCH 4.4 00/17] 4.4.291-rc1 review Shuah Khan
2021-11-01 23:35 ` Guenter Roeck
2021-11-02 8:53 ` Naresh Kamboju
2021-11-02 12:56 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211101082442.644515254@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paskripkin@gmail.com \
--cc=stable@vger.kernel.org \
--cc=yanfei.xu@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).