From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Dan Carpenter <dan.carpenter@oracle.com>,
Pavel Skripkin <paskripkin@gmail.com>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>,
syzbot+398e7dc692ddbbb4cfec@syzkaller.appspotmail.com
Subject: [PATCH 4.4 05/18] phy: mdio: fix memory leak
Date: Thu, 14 Oct 2021 16:53:37 +0200 [thread overview]
Message-ID: <20211014145206.495207097@linuxfoundation.org> (raw)
In-Reply-To: <20211014145206.330102860@linuxfoundation.org>
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit ca6e11c337daf7925ff8a2aac8e84490a8691905 ]
Syzbot reported memory leak in MDIO bus interface, the problem was in
wrong state logic.
MDIOBUS_ALLOCATED indicates 2 states:
1. Bus is only allocated
2. Bus allocated and __mdiobus_register() fails, but
device_register() was called
In case of device_register() has been called we should call put_device()
to correctly free the memory allocated for this device, but mdiobus_free()
calls just kfree(dev) in case of MDIOBUS_ALLOCATED state
To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED
_before_ calling device_register(), because put_device() should be
called even in case of device_register() failure.
Link: https://lore.kernel.org/netdev/YVMRWNDZDUOvQjHL@shell.armlinux.org.uk/
Fixes: 46abc02175b3 ("phylib: give mdio buses a device tree presence")
Reported-and-tested-by: syzbot+398e7dc692ddbbb4cfec@syzkaller.appspotmail.com
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Link: https://lore.kernel.org/r/eceae1429fbf8fa5c73dd2a0d39d525aa905074d.1633024062.git.paskripkin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/mdio_bus.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index 5ea86fd57ae6..4066fb5a935a 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -264,6 +264,13 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner)
bus->dev.groups = NULL;
dev_set_name(&bus->dev, "%s", bus->id);
+ /* We need to set state to MDIOBUS_UNREGISTERED to correctly release
+ * the device in mdiobus_free()
+ *
+ * State will be updated later in this function in case of success
+ */
+ bus->state = MDIOBUS_UNREGISTERED;
+
err = device_register(&bus->dev);
if (err) {
pr_err("mii_bus %s failed to register\n", bus->id);
--
2.33.0
next prev parent reply other threads:[~2021-10-14 14:55 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-14 14:53 [PATCH 4.4 00/18] 4.4.289-rc1 review Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 01/18] USB: cdc-acm: fix racy tty buffer accesses Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 02/18] USB: cdc-acm: fix break reporting Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 03/18] nfsd4: Handle the NFSv4 READDIR dircount hint being zero Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 04/18] xtensa: call irqchip_init only when CONFIG_USE_OF is selected Greg Kroah-Hartman
2021-10-14 14:53 ` Greg Kroah-Hartman [this message]
2021-10-14 14:53 ` [PATCH 4.4 06/18] net_sched: fix NULL deref in fifo_set_limit() Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 07/18] ptp_pch: Load module automatically if ID matches Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 08/18] ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 09/18] netlink: annotate data races around nlk->bound Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 10/18] i40e: fix endless loop under rtnl Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 11/18] gup: document and work around "COW can break either way" issue Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 12/18] mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 13/18] HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 14/18] netfilter: ip6_tables: zero-initialize fragment offset Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 15/18] mac80211: Drop frames from invalid MAC address in ad-hoc mode Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 16/18] scsi: ses: Fix unsigned comparison with less than zero Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 17/18] scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.4 18/18] perf/x86: Reset destroy callback on event init failure Greg Kroah-Hartman
2021-10-14 18:32 ` [PATCH 4.4 00/18] 4.4.289-rc1 review Jon Hunter
2021-10-14 21:06 ` Pavel Machek
2021-10-14 22:40 ` Shuah Khan
2021-10-15 22:05 ` Guenter Roeck
2021-10-15 23:11 ` Daniel Díaz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211014145206.495207097@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dan.carpenter@oracle.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paskripkin@gmail.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+398e7dc692ddbbb4cfec@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.