lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20241030-phy_core_fix-v3-5-19b97c3ec917@quicinc.com>
Date: Wed, 30 Oct 2024 22:18:28 +0800
From: Zijun Hu <zijun_hu@...oud.com>
To: Vinod Koul <vkoul@...nel.org>, 
 Kishon Vijay Abraham I <kishon@...nel.org>, Felipe Balbi <balbi@...com>, 
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
 Rob Herring <robh@...nel.org>, Arnd Bergmann <arnd@...db.de>, 
 Lee Jones <lee@...nel.org>
Cc: Lorenzo Pieralisi <lpieralisi@...nel.org>, 
 Krzysztof WilczyƄski <kw@...ux.com>, 
 Bjorn Helgaas <bhelgaas@...gle.com>, 
 "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, 
 Christophe JAILLET <christophe.jaillet@...adoo.fr>, 
 Johan Hovold <johan@...nel.org>, Zijun Hu <zijun_hu@...oud.com>, 
 stable@...r.kernel.org, linux-phy@...ts.infradead.org, 
 linux-kernel@...r.kernel.org, Zijun Hu <quic_zijuhu@...cinc.com>, 
 Johan Hovold <johan+linaro@...nel.org>
Subject: [PATCH v3 5/6] phy: core: Fix an OF node refcount leakage in
 of_phy_provider_lookup()

From: Zijun Hu <quic_zijuhu@...cinc.com>

For macro for_each_child_of_node(parent, child), refcount of @child has
been increased before entering its loop body, so normally needs to call
of_node_put(@child) before returning from the loop body to avoid refcount
leakage.

of_phy_provider_lookup() has such usage but does not call of_node_put()
before returning, so cause leakage of the OF node refcount.

Fixed by simply calling of_node_put() before returning from the loop body.

The APIs affected by this issue are shown below since they indirectly
invoke problematic of_phy_provider_lookup().
phy_get()
of_phy_get()
devm_phy_get()
devm_of_phy_get()
devm_of_phy_get_by_index()

Fixes: 2a4c37016ca9 ("phy: core: Fix of_phy_provider_lookup to return PHY provider for sub node")
Cc: stable@...r.kernel.org
Reviewed-by: Johan Hovold <johan+linaro@...nel.org>
Signed-off-by: Zijun Hu <quic_zijuhu@...cinc.com>
---
The following kernel mainline commit fixes a similar issue:
Commit: b337cc3ce475 ("backlight: lm3509_bl: Fix early returns in for_each_child_of_node()")
---
 drivers/phy/phy-core.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c
index 3127c5d9c637..9d4cc64a0865 100644
--- a/drivers/phy/phy-core.c
+++ b/drivers/phy/phy-core.c
@@ -145,8 +145,10 @@ static struct phy_provider *of_phy_provider_lookup(struct device_node *node)
 			return phy_provider;
 
 		for_each_child_of_node(phy_provider->children, child)
-			if (child == node)
+			if (child == node) {
+				of_node_put(child);
 				return phy_provider;
+			}
 	}
 
 	return ERR_PTR(-EPROBE_DEFER);

-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ