lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20241213-phy_core_fix-v6-1-40ae28f5015a@quicinc.com>
Date: Fri, 13 Dec 2024 20:36:41 +0800
From: Zijun Hu <zijun_hu@...oud.com>
To: Vinod Koul <vkoul@...nel.org>, 
 Kishon Vijay Abraham I <kishon@...nel.org>, Felipe Balbi <balbi@...com>, 
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
 Rob Herring <robh@...nel.org>, Arnd Bergmann <arnd@...db.de>, 
 Lee Jones <lee@...nel.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
 Lorenzo Pieralisi <lpieralisi@...nel.org>, 
 Krzysztof Wilczyński <kw@...ux.com>, 
 Bjorn Helgaas <bhelgaas@...gle.com>, 
 "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, 
 Christophe JAILLET <christophe.jaillet@...adoo.fr>, 
 Johan Hovold <johan@...nel.org>, Zijun Hu <zijun_hu@...oud.com>, 
 stable@...r.kernel.org, linux-phy@...ts.infradead.org, 
 linux-kernel@...r.kernel.org, Zijun Hu <quic_zijuhu@...cinc.com>, 
 Johan Hovold <johan+linaro@...nel.org>
Subject: [PATCH v6 1/6] phy: core: Fix that API devm_phy_put() fails to
 release the phy

From: Zijun Hu <quic_zijuhu@...cinc.com>

For devm_phy_put(), its comment says it needs to invoke phy_put() to
release the phy, but it will not actually invoke the function since
devres_destroy() does not call devm_phy_release(), and the missing
phy_put() call will cause:

- The phy fails to be released.
- devm_phy_put() can not fully undo what API devm_phy_get() does.
- Leak refcount of both the module and device for below typical usage:

  devm_phy_get(); // or its variant
  ...
  err = do_something();
  if (err)
      goto err_out;
  ...
  err_out:
  devm_phy_put(); // leak refcount here

  The file(s) affected by this issue are shown below since they have such
  typical usage.
  drivers/pci/controller/cadence/pcie-cadence.c
  drivers/net/ethernet/ti/am65-cpsw-nuss.c

Fix by using devres_release() instead of devres_destroy() within the API.

Fixes: ff764963479a ("drivers: phy: add generic PHY framework")
Cc: stable@...r.kernel.org
Cc: Lorenzo Pieralisi <lpieralisi@...nel.org>
Cc: Krzysztof Wilczyński <kw@...ux.com>
Cc: Bjorn Helgaas <bhelgaas@...gle.com>
Cc: David S. Miller <davem@...emloft.net>
Cc: Eric Dumazet <edumazet@...gle.com>
Cc: Jakub Kicinski <kuba@...nel.org>
Cc: Paolo Abeni <pabeni@...hat.com>
Reviewed-by: Johan Hovold <johan+linaro@...nel.org>
Signed-off-by: Zijun Hu <quic_zijuhu@...cinc.com>
---
 drivers/phy/phy-core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c
index f053b525ccffab1629f5e09581a6ebcc35e47f79..f190d7126613ad253b4820b9e4167dda8623439d 100644
--- a/drivers/phy/phy-core.c
+++ b/drivers/phy/phy-core.c
@@ -737,7 +737,7 @@ void devm_phy_put(struct device *dev, struct phy *phy)
 	if (!phy)
 		return;
 
-	r = devres_destroy(dev, devm_phy_release, devm_phy_match, phy);
+	r = devres_release(dev, devm_phy_release, devm_phy_match, phy);
 	dev_WARN_ONCE(dev, r, "couldn't find PHY resource\n");
 }
 EXPORT_SYMBOL_GPL(devm_phy_put);

-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ