From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Dan Carpenter <dan.carpenter@oracle.com>,
Pavel Skripkin <paskripkin@gmail.com>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>,
syzbot+398e7dc692ddbbb4cfec@syzkaller.appspotmail.com
Subject: [PATCH 4.14 13/33] phy: mdio: fix memory leak
Date: Thu, 14 Oct 2021 16:53:45 +0200 [thread overview]
Message-ID: <20211014145209.222914468@linuxfoundation.org> (raw)
In-Reply-To: <20211014145208.775270267@linuxfoundation.org>
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit ca6e11c337daf7925ff8a2aac8e84490a8691905 ]
Syzbot reported memory leak in MDIO bus interface, the problem was in
wrong state logic.
MDIOBUS_ALLOCATED indicates 2 states:
1. Bus is only allocated
2. Bus allocated and __mdiobus_register() fails, but
device_register() was called
In case of device_register() has been called we should call put_device()
to correctly free the memory allocated for this device, but mdiobus_free()
calls just kfree(dev) in case of MDIOBUS_ALLOCATED state
To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED
_before_ calling device_register(), because put_device() should be
called even in case of device_register() failure.
Link: https://lore.kernel.org/netdev/YVMRWNDZDUOvQjHL@shell.armlinux.org.uk/
Fixes: 46abc02175b3 ("phylib: give mdio buses a device tree presence")
Reported-and-tested-by: syzbot+398e7dc692ddbbb4cfec@syzkaller.appspotmail.com
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Link: https://lore.kernel.org/r/eceae1429fbf8fa5c73dd2a0d39d525aa905074d.1633024062.git.paskripkin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/mdio_bus.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index 5fc7b6c1a442..5ef9bbbab3db 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -344,6 +344,13 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner)
bus->dev.groups = NULL;
dev_set_name(&bus->dev, "%s", bus->id);
+ /* We need to set state to MDIOBUS_UNREGISTERED to correctly release
+ * the device in mdiobus_free()
+ *
+ * State will be updated later in this function in case of success
+ */
+ bus->state = MDIOBUS_UNREGISTERED;
+
err = device_register(&bus->dev);
if (err) {
pr_err("mii_bus %s failed to register\n", bus->id);
--
2.33.0
next prev parent reply other threads:[~2021-10-14 14:57 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-14 14:53 [PATCH 4.14 00/33] 4.14.251-rc1 review Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 01/33] Partially revert "usb: Kconfig: using select for USB_COMMON dependency" Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 02/33] USB: cdc-acm: fix racy tty buffer accesses Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 03/33] USB: cdc-acm: fix break reporting Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 04/33] ovl: fix missing negative dentry check in ovl_rename() Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 05/33] nfsd4: Handle the NFSv4 READDIR dircount hint being zero Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 06/33] xen/balloon: fix cancelled balloon action Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 07/33] ARM: dts: omap3430-sdp: Fix NAND device node Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 08/33] ARM: dts: qcom: apq8064: use compatible which contains chipid Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 09/33] bpf: add also cbpf long jump test cases with heavy expansion Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 10/33] bpf, mips: Validate conditional branch offsets Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 11/33] xtensa: call irqchip_init only when CONFIG_USE_OF is selected Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 12/33] bpf: Fix integer overflow in prealloc_elems_and_freelist() Greg Kroah-Hartman
2021-10-14 14:53 ` Greg Kroah-Hartman [this message]
2021-10-14 14:53 ` [PATCH 4.14 14/33] net_sched: fix NULL deref in fifo_set_limit() Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 15/33] powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 16/33] ptp_pch: Load module automatically if ID matches Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 17/33] ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 18/33] net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 19/33] netlink: annotate data races around nlk->bound Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 20/33] drm/nouveau/debugfs: fix file release memory leak Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 21/33] rtnetlink: fix if_nlmsg_stats_size() under estimation Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 22/33] i40e: fix endless loop under rtnl Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 23/33] i2c: acpi: fix resource leak in reconfiguration device addition Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 24/33] net: phy: bcm7xxx: Fixed indirect MMD operations Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 25/33] HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 26/33] netfilter: ip6_tables: zero-initialize fragment offset Greg Kroah-Hartman
2021-10-14 14:53 ` [PATCH 4.14 27/33] mac80211: Drop frames from invalid MAC address in ad-hoc mode Greg Kroah-Hartman
2021-10-14 14:54 ` [PATCH 4.14 28/33] m68k: Handle arrivals of multiple signals correctly Greg Kroah-Hartman
2021-10-14 14:54 ` [PATCH 4.14 29/33] net: sun: SUNVNET_COMMON should depend on INET Greg Kroah-Hartman
2021-10-14 14:54 ` [PATCH 4.14 30/33] scsi: ses: Fix unsigned comparison with less than zero Greg Kroah-Hartman
2021-10-14 14:54 ` [PATCH 4.14 31/33] scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" Greg Kroah-Hartman
2021-10-14 14:54 ` [PATCH 4.14 32/33] perf/x86: Reset destroy callback on event init failure Greg Kroah-Hartman
2021-10-14 14:54 ` [PATCH 4.14 33/33] sched: Always inline is_percpu_thread() Greg Kroah-Hartman
2021-10-14 18:32 ` [PATCH 4.14 00/33] 4.14.251-rc1 review Jon Hunter
2021-10-15 7:21 ` Samuel Zou
2021-10-15 17:49 ` Daniel Díaz
2021-10-15 17:57 ` Daniel Díaz
2021-10-15 22:28 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211014145209.222914468@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dan.carpenter@oracle.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paskripkin@gmail.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+398e7dc692ddbbb4cfec@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.