lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y4jJQ3iKkico/xFX@lunn.ch>
Date:   Thu, 1 Dec 2022 16:33:23 +0100
From:   Andrew Lunn <andrew@...n.ch>
To:     Yang Yingliang <yangyingliang@...wei.com>
Cc:     netdev@...r.kernel.org, hkallweit1@...il.com,
        linux@...linux.org.uk, davem@...emloft.net, edumazet@...gle.com,
        kuba@...nel.org, pabeni@...hat.com, ioana.ciornei@....com,
        calvin.johnson@....nxp.com, grant.likely@....com,
        zengheng4@...wei.com
Subject: Re: [PATCH net v2] net: mdiobus: fix double put fwnode in the error
 path

On Thu, Dec 01, 2022 at 11:38:38AM +0800, Yang Yingliang wrote:
> If phy_device_register() or fwnode_mdiobus_phy_device_register()
> fail, phy_device_free() is called, the device refcount is decreased
> to 0, then fwnode_handle_put() will be called in phy_device_release(),
> but in the error path, fwnode_handle_put() has already been called,
> so set fwnode to NULL after fwnode_handle_put() in the error path to
> avoid double put.
> 
> Fixes: cdde1560118f ("net: mdiobus: fix unbalanced node reference count")
> Reported-by: Zeng Heng <zengheng4@...wei.com>
> Tested-by: Zeng Heng <zengheng4@...wei.com>
> Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
> ---
> v1 -> v2:
>   Don't remove fwnode_handle_put() in the error path,
>   set fwnode to NULL avoid double put.
> ---
>  drivers/net/mdio/fwnode_mdio.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/mdio/fwnode_mdio.c b/drivers/net/mdio/fwnode_mdio.c
> index eb344f6d4a7b..9df618577712 100644
> --- a/drivers/net/mdio/fwnode_mdio.c
> +++ b/drivers/net/mdio/fwnode_mdio.c
> @@ -99,6 +99,7 @@ int fwnode_mdiobus_phy_device_register(struct mii_bus *mdio,
>  	rc = phy_device_register(phy);
>  	if (rc) {
>  		fwnode_handle_put(child);
> +		device_set_node(&phy->mdio.dev, NULL);
>  		return rc;
>  	}

This looks better, it is balanced. But i would argue the order is
wrong.

	fwnode_handle_get(child);
	device_set_node(&phy->mdio.dev, child);

	/* All data is now stored in the phy struct;
	 * register it
	 */
	rc = phy_device_register(phy);
	if (rc) {
		fwnode_handle_put(child);
		return rc;
	}

In general you undo stuff in the opposite order to which you did
it. So device_set_node() first, then fwnode_handle_put(). Otherwise
you have a potential race condition.

    Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ