Date: Mon, 28 Nov 2016 18:05:57 -0600
From: Zach Brown
To: Geert Uytterhoeven
CC: Florian Fainelli, "David S. Miller", Josh Cartwright, Nathan Sullivan, Woojung Huh
Subject: Re: [PATCH v2] net: phy: Fix use after free in phy_detach()
Message-ID: <20161129000556.GA11698@zach-desktop>
References: <1480342711-26407-1-git-send-email-geert+renesas@glider.be>
In-Reply-To: <1480342711-26407-1-git-send-email-geert+renesas@glider.be>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 28, 2016 at 03:18:31PM +0100, Geert Uytterhoeven wrote: > If device_release_driver(&phydev->mdio.dev) is called, it releases all > resources belonging to the PHY device. Hence the subsequent call to > phy_led_triggers_unregister() will access already freed memory when > unregistering the LEDs. > > Move the call to phy_led_triggers_unregister() before the possible call > to device_release_driver() to fix this. > > Fixes: 2e0bc452f4721520 ("net: phy: leds: add support for led triggers on phy link state change") > Signed-off-by: Geert Uytterhoeven > --- > This is v2 of "[RFC] net: phy: Fix double free in phy_detach()". > > v2: > - Dropped RFC, > - Reworded, as commit a7dac9f9c1695d74 ("phy: fix error case of > phy_led_triggers_(un)register") fixed the double free, and thus the > warning I was seeing during "poweroff" on sh73a0/kzm9g, > - Verified use after free using CONFIG_DEBUG_DEVRES, log_devres = 1, > and additional debug code printing the address of > phy->phy_led_triggers. Adding poisoning of freed memory to > devres_log() will cause a crash. > --- > drivers/net/phy/phy_device.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c > index ba86c191a13ea81c..a1d6e13b1b4113a4 100644 > --- a/drivers/net/phy/phy_device.c > +++ b/drivers/net/phy/phy_device.c > @@ -981,6 +981,8 @@ void phy_detach(struct phy_device *phydev) > phydev->attached_dev = NULL; > phy_suspend(phydev); > > + phy_led_triggers_unregister(phydev); > + > /* If the device had no specific driver before (i.e. - it > * was using the generic driver), we unbind the device > * from the generic driver so that there's a chance a 
> @@ -994,8 +996,6 @@ void phy_detach(struct phy_device *phydev) > } > } > > - phy_led_triggers_unregister(phydev); > - > /* > * The phydev might go away on the put_device() below, so avoid > * a use-after-free bug by reading the underlying bus first. > -- > 1.9.1 > I was able to recreate the issue and confirmed this patch fixes it. Tested-by: Zach Brown --Zach
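Review bot: the moved phy_led_triggers_unregister(phydev) call in the first hunk (@@ -981) has no comment saying why it must come before the device_release_driver() block, so a later cleanup could move it back below that block and reintroduce the use after free. The put_device() path at the end of the second hunk already documents its own ordering constraint in a comment. A similar short comment above the new call, noting that device_release_driver() releases the PHY device's resources and the LED triggers therefore have to be unregistered first, would keep the constraint visible in the code rather than only in the commit message.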