Re: [PATCH v2 1/2] Revert "net: mdiobus: Fix memory leak in __mdiobus_register"

From: Xu, Yanfei
Date: Wed Sep 29 2021 - 02:35:30 EST

Next message: Mr. Hui Ka Yan: "[no subject]"
Previous message: Jammy Huang: "Re: [RESEND PATCH] media: aspeed: add debugfs"
In reply to: Pavel Skripkin: "Re: [PATCH v2 2/2] phy: mdio: fix memory leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/29/21 4:39 AM, Pavel Skripkin wrote:

This reverts commit ab609f25d19858513919369ff3d9a63c02cd9e2e.

This patch is correct in the sense that we_should_ call device_put() in
case of device_register() failure, but the problem in this code is more
vast.

We need to set bus->state to UNMDIOBUS_REGISTERED before calling
device_register() to correctly release the device in mdiobus_free().
This patch prevents us from doing it, since in case of device_register()
failure put_device() will be called 2 times and it will cause UAF or
something else.

Also, Reported-by: tag in revered commit was wrong, since syzbot
reported different leak in same function.

Link:https://lore.kernel.org/netdev/20210928092657.GI2048@kadam/
Cc: Yanfei Xu<yanfei.xu@xxxxxxxxxxxxx>
Signed-off-by: Pavel Skripkin<paskripkin@xxxxxxxxx>
---

Changes in v2:
Added this revert

Acked-by: Yanfei Xu<yanfei.xu@xxxxxxxxxxxxx>

Thanks,
Yanfei

Next message: Mr. Hui Ka Yan: "[no subject]"
Previous message: Jammy Huang: "Re: [RESEND PATCH] media: aspeed: add debugfs"
In reply to: Pavel Skripkin: "Re: [PATCH v2 2/2] phy: mdio: fix memory leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]