Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

net: mdio: ensure the type of mdio devices match mdio drivers

On the MDIO bus, we have PHYLIB devices and drivers, and we have non-
PHYLIB devices and drivers. PHYLIB devices are MDIO devices that are
wrapped with a struct phy_device.

Trying to bind a MDIO device with a PHYLIB driver results in out-of-
bounds accesses as we attempt to access struct phy_device members. So,
let's prevent this by ensuring that the type of the MDIO device
(indicated by the MDIO_DEVICE_FLAG_PHY flag) matches the type of the
MDIO driver (indicated by the MDIO_DEVICE_IS_PHY flag.)

Link: https://lore.kernel.org/r/2b1dc053-8c9a-e3e4-b450-eecdfca3fe16@gmail.com
Tested-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>

Authored by Russell King (Oracle) and committed by David S. Miller
94114d90 454d3e1a

+6
drivers/net/phy/mdio_bus.c
··· 971 971 */ 972 972 static int mdio_bus_match(struct device *dev, struct device_driver *drv) 973 973 { 974 + struct mdio_driver *mdiodrv = to_mdio_driver(drv); 974 975 struct mdio_device *mdio = to_mdio_device(dev); 976 + 977 + /* Both the driver and device must type-match */ 978 + if (!(mdiodrv->mdiodrv.flags & MDIO_DEVICE_IS_PHY) != 979 + !(mdio->flags & MDIO_DEVICE_FLAG_PHY)) 980 + return 0; 975 981 976 982 if (of_driver_match_device(dev, drv)) 977 983 return 1;
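
Review bot: The new type check in mdio_bus_match() compares two differently named flag bits through `!(...) != !(...)`, and the in-code comment ("Both the driver and device must type-match") does not say why the double negation is needed or what a mismatch would cause. Consider expanding the comment to state that each side is normalised to a boolean before the comparison because MDIO_DEVICE_IS_PHY and MDIO_DEVICE_FLAG_PHY are separate flags, and that a PHYLIB driver bound to a non-PHYLIB device would go on to access struct phy_device members that are not there. Separately, `to_mdio_driver(drv)` is now applied to every driver offered to this match function, PHYLIB drivers included; the hunk only dereferences `mdiodrv->mdiodrv.flags`, so a short note that only the common `mdiodrv` part may be touched before the type check passes would keep later edits from reading other struct mdio_driver fields at this point. The early `return 0` sitting ahead of `of_driver_match_device()` is the right order, since it gates every later match path.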