phylib: fix potential use-after-free · tjh.dev/kernel@cbda1b1

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

phylib: fix potential use-after-free

Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call
to phy_device_reset(phydev) after the put_device() call in phy_detach().

The comment before the put_device() call says that the phydev might go
away with put_device().

Fix potential use-after-free by calling phy_device_reset() before
put_device().

Fixes: bafbdd527d56 ("phylib: Add device reset GPIO support")
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220119162748.32418-1-kabel@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Marek Behún and committed by

Jakub Kicinski 4 years ago cbda1b16 57afdc0a

+3 -3

1 changed file

expand all

drivers

net

phy

phy_device.c

+3 -3

drivers/net/phy/phy_device.c

··· 1746 1746 phy_driver_is_genphy_10g(phydev)) 1747 1747 device_release_driver(&phydev->mdio.dev); 1748 1748 1749 + /* Assert the reset signal */ 1750 + phy_device_reset(phydev, 1); 1751 + 1749 1752 /* 1750 1753 * The phydev might go away on the put_device() below, so avoid 1751 1754 * a use-after-free bug by reading the underlying bus first. ··· 1760 1757 ndev_owner = dev->dev.parent->driver->owner; 1761 1758 if (ndev_owner != bus->owner) 1762 1759 module_put(bus->owner); 1763 - 1764 - /* Assert the reset signal */ 1765 - phy_device_reset(phydev, 1); 1766 1760 } 1767 1761 EXPORT_SYMBOL(phy_detach); 1768 1762