Re: [PATCH 11/20] ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()

From: Jakub Kicinski
Date: Sat Dec 05 2020 - 16:20:12 EST


On Sat, 5 Dec 2020 22:04:28 +0100 Rasmus Villemoes wrote:
> On 05/12/2020 21.48, Jakub Kicinski wrote:
> > On Sat, 5 Dec 2020 20:17:34 +0100 Rasmus Villemoes wrote:
> >> - unregister_netdev(dev);
> >> - free_netdev(dev);
> >> ucc_geth_memclean(ugeth);
> >> if (of_phy_is_fixed_link(np))
> >> of_phy_deregister_fixed_link(np);
> >> of_node_put(ugeth->ug_info->tbi_node);
> >> of_node_put(ugeth->ug_info->phy_node);
> >> + unregister_netdev(dev);
> >> + free_netdev(dev);
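Review bot: Moving unregister_netdev(dev) to the end of this hunk means ucc_geth_memclean(ugeth), of_phy_deregister_fixed_link(np) and both of_node_put() calls now run before the device is unregistered, so teardown and reference release happen while the interface may still be up. The use-after-free named in the subject only requires that free_netdev(dev) come after the last use of ugeth. Consider leaving unregister_netdev(dev) as the first call and moving only free_netdev(dev) below of_node_put(ugeth->ug_info->phy_node).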
> >
> > Are you sure you want to move the unregister_netdev() as well as the
> > free?
>
> Hm, dunno, I don't think it's needed per se, but it also shouldn't hurt
> from what I can tell. It seems more natural that they go together, but
> if you prefer a minimal patch that's of course also possible.

I was concerned about the fact that we free things and release
references while the device may still be up (given that it's
unregister_netdev() that will take it down).

> I only noticed because I needed to add a free of the ug_info in a later
> patch.