From: Vinod Koul <vkoul@kernel.org>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Kishon Vijay Abraham I <kishon@ti.com>,
Alan Douglas <adouglas@cadence.com>,
Philipp Zabel <p.zabel@pengutronix.de>,
Swapnil Jakhade <sjakhade@cadence.com>,
Aswath Govindraju <a-govindraju@ti.com>,
linux-phy@lists.infradead.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] phy: cadence: Sierra: fix error handling bugs in probe()
Date: Sun, 23 Jan 2022 19:34:24 +0530
Message-ID: <Ye1gaFOYziZDVs25@matsya>
In-Reply-To: <20220115115146.GC7552@kili>

On 15-01-22, 14:51, Dan Carpenter wrote:
> There are two bugs in the error handling:
> 1: If devm_of_phy_provider_register() fails then there was no cleanup.
> 2: The error handling called of_node_put(child) improperly leading to
> a use after free. We are only holding the reference inside the loop
> so the last two gotos after the loop lead to a use after free bug.
> Fix this by cleaning up the partial allocations (or partial iterations)
> in the loop before doing the goto.
Applied, thanks
--
~Vinod