There is a possible use-after-free issue in the axienet_probe():
1701: np = of_parse_phandle(pdev->dev.of_node, "axistream-connected", 0);
1702: if (np) {
...
1787: of_node_put(np); ---> released here
1788: lp->eth_irq = platform_get_irq(pdev, 0);
1789: } else {
...
1801: }
1802: if (IS_ERR(lp->dma_regs)) {
...
1805: of_node_put(np); ---> double released here
1806: goto free_netdev;
1807: }
We solve this problem by removing the unnecessary of_node_put().
Fixes: 28ef9ebdb64c ("net: axienet: make use of axistream-connected attribute optional")
Signed-off-by: Wen Yang <[email protected]>
Cc: Anirudha Sarangi <[email protected]>
Cc: John Linn <[email protected]>
Cc: "David S. Miller" <[email protected]>
Cc: Michal Simek <[email protected]>
Cc: Robert Hancock <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
---
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
index 561e28a..4fc627f 100644
--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
@@ -1802,7 +1802,6 @@ static int axienet_probe(struct platform_device *pdev)
if (IS_ERR(lp->dma_regs)) {
dev_err(&pdev->dev, "could not map DMA regs\n");
ret = PTR_ERR(lp->dma_regs);
- of_node_put(np);
goto free_netdev;
}
if ((lp->rx_irq <= 0) || (lp->tx_irq <= 0)) {
--
2.9.5
On 2019-07-05 9:38 p.m., Wen Yang wrote:
> There is a possible use-after-free issue in the axienet_probe():
>
> 1701: np = of_parse_phandle(pdev->dev.of_node, "axistream-connected", 0);
> 1702: if (np) {
> ...
> 1787: of_node_put(np); ---> released here
> 1788: lp->eth_irq = platform_get_irq(pdev, 0);
> 1789: } else {
> ...
> 1801: }
> 1802: if (IS_ERR(lp->dma_regs)) {
> ...
> 1805: of_node_put(np); ---> double released here
> 1806: goto free_netdev;
> 1807: }
>
> We solve this problem by removing the unnecessary of_node_put().
>
> Fixes: 28ef9ebdb64c ("net: axienet: make use of axistream-connected attribute optional")
> Signed-off-by: Wen Yang <[email protected]>
> Cc: Anirudha Sarangi <[email protected]>
> Cc: John Linn <[email protected]>
> Cc: "David S. Miller" <[email protected]>
> Cc: Michal Simek <[email protected]>
> Cc: Robert Hancock <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
Yes, looks valid.
Reviewed-by: Robert Hancock <[email protected]>
> ---
> drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> index 561e28a..4fc627f 100644
> --- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> +++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> @@ -1802,7 +1802,6 @@ static int axienet_probe(struct platform_device *pdev)
> if (IS_ERR(lp->dma_regs)) {
> dev_err(&pdev->dev, "could not map DMA regs\n");
> ret = PTR_ERR(lp->dma_regs);
> - of_node_put(np);
> goto free_netdev;
> }
> if ((lp->rx_irq <= 0) || (lp->tx_irq <= 0)) {
>
--
Robert Hancock
Senior Software Developer
SED Systems, a division of Calian Ltd.
Email: [email protected]
From: Wen Yang <[email protected]>
Date: Sat, 6 Jul 2019 11:38:41 +0800
> There is a possible use-after-free issue in the axienet_probe():
>
> 1701: np = of_parse_phandle(pdev->dev.of_node, "axistream-connected", 0);
> 1702: if (np) {
> ...
> 1787: of_node_put(np); ---> released here
> 1788: lp->eth_irq = platform_get_irq(pdev, 0);
> 1789: } else {
> ...
> 1801: }
> 1802: if (IS_ERR(lp->dma_regs)) {
> ...
> 1805: of_node_put(np); ---> double released here
> 1806: goto free_netdev;
> 1807: }
>
> We solve this problem by removing the unnecessary of_node_put().
>
> Fixes: 28ef9ebdb64c ("net: axienet: make use of axistream-connected attribute optional")
> Signed-off-by: Wen Yang <[email protected]>
Applied to net-next