From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2BDBC433EF for ; Thu, 7 Oct 2021 13:23:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BF25061251 for ; Thu, 7 Oct 2021 13:23:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233308AbhJGNZ2 (ORCPT ); Thu, 7 Oct 2021 09:25:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40188 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232869AbhJGNZY (ORCPT ); Thu, 7 Oct 2021 09:25:24 -0400 Received: from pandora.armlinux.org.uk (pandora.armlinux.org.uk [IPv6:2001:4d48:ad52:32c8:5054:ff:fe00:142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D12ADC061570 for ; Thu, 7 Oct 2021 06:23:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=armlinux.org.uk; s=pandora-2019; h=Date:Sender:Message-Id:Content-Type: Content-Transfer-Encoding:MIME-Version:Subject:Cc:To:From:Reply-To:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=e3gieBLlijyNEPZ8wg4F+BGxfogpFJEEv4mI2a0lAaE=; b=FliHyNW33FIyDWc4fTg1PEDoUM jC9sYJwmIQjfQQQLhfKaLA1ZEa2bTmyNi7WqtpfAXzfg0ulc64QsXLasWhu+Gjr33BUvYagWzgADK MJ7rAkq9QRhp6/YB2yqfyqIpC1DRt84EgY8CygF4HzTQnunpCBUR8mZMaoUv4C2zU3O5cMCLMmltp nhw8YXLv5pszkvTADBnGShFt9udQ5+GGSUSpKUmvlS6UZyVlq4lV85wxp6G3EaquKgdW8E+73zvQc BP1ifuOy0eZOcUWOI7UsEjpGD/KXyV2qgg77bxtISjNCwaPBTLri0cpRPc5bwUUuMnaFkVH4ulRIz Ud/PRNIA==; Received: from e0022681537dd.dyn.armlinux.org.uk ([fd8f:7570:feb6:1:222:68ff:fe15:37dd]:59614 helo=rmk-PC.armlinux.org.uk) by pandora.armlinux.org.uk with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1mYTMu-0002UT-Ac; Thu, 07 Oct 2021 14:23:28 +0100 Received: from rmk by rmk-PC.armlinux.org.uk with local (Exim 4.94.2) (envelope-from ) id 1mYTMt-001hFb-Rl; Thu, 07 Oct 2021 14:23:27 +0100 From: "Russell King (Oracle)" To: Andrew Lunn , Heiner Kallweit Cc: "David S. Miller" , netdev@vger.kernel.org, Jakub Kicinski Subject: [PATCH net-next] net: mdio: ensure the type of mdio devices match mdio drivers MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" Message-Id: Sender: Russell King Date: Thu, 07 Oct 2021 14:23:27 +0100 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On the MDIO bus, we have PHYLIB devices and drivers, and we have non- PHYLIB devices and drivers. PHYLIB devices are MDIO devices that are wrapped with a struct phy_device. Trying to bind a MDIO device with a PHYLIB driver results in out-of- bounds accesses as we attempt to access struct phy_device members. So, let's prevent this by ensuring that the type of the MDIO device (indicated by the MDIO_DEVICE_FLAG_PHY flag) matches the type of the MDIO driver (indicated by the MDIO_DEVICE_IS_PHY flag.) Link: https://lore.kernel.org/r/2b1dc053-8c9a-e3e4-b450-eecdfca3fe16@gmail.com Tested-by: Andrew Lunn Reviewed-by: Andrew Lunn Signed-off-by: Russell King (Oracle) --- drivers/net/phy/mdio_bus.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c index d8b68145f6b4..8c59eb6a2b68 100644 --- a/drivers/net/phy/mdio_bus.c +++ b/drivers/net/phy/mdio_bus.c @@ -961,8 +961,14 @@ EXPORT_SYMBOL_GPL(mdiobus_modify_changed); */ static int mdio_bus_match(struct device *dev, struct device_driver *drv) { + struct mdio_driver *mdiodrv = to_mdio_driver(drv); struct mdio_device *mdio = to_mdio_device(dev); + /* Both the driver and device must type-match */ + if (!(mdiodrv->mdiodrv.flags & MDIO_DEVICE_IS_PHY) != + !(mdio->flags & MDIO_DEVICE_FLAG_PHY)) + return 0; + if (of_driver_match_device(dev, drv)) return 1; -- 2.30.2