On 2019-07-05 9:38 p.m., Wen Yang wrote:
> There is a possible use-after-free issue in the axienet_probe():
>
> 1701: np = of_parse_phandle(pdev->dev.of_node, "axistream-connected", 0);
> 1702: if (np) {
> ...
> 1787: of_node_put(np); ---> released here
> 1788: lp->eth_irq = platform_get_irq(pdev, 0);
> 1789: } else {
> ...
> 1801: }
> 1802: if (IS_ERR(lp->dma_regs)) {
> ...
> 1805: of_node_put(np); ---> double released here
> 1806: goto free_netdev;
> 1807: }
>
> We solve this problem by removing the unnecessary of_node_put().
>
> Fixes: 28ef9ebdb64c ("net: axienet: make use of axistream-connected attribute
> optional")
> Signed-off-by: Wen Yang <wen.yan...@zte.com.cn>
> Cc: Anirudha Sarangi <anir...@xilinx.com>
> Cc: John Linn <john.l...@xilinx.com>
> Cc: "David S. Miller" <da...@davemloft.net>
> Cc: Michal Simek <michal.si...@xilinx.com>
> Cc: Robert Hancock <hanc...@sedsystems.ca>
> Cc: net...@vger.kernel.org
> Cc: linux-arm-ker...@lists.infradead.org
> Cc: linux-kernel@vger.kernel.org
Yes, looks valid.
Reviewed-by: Robert Hancock <hanc...@sedsystems.ca>
> ---
> drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> index 561e28a..4fc627f 100644
> --- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> +++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> @@ -1802,7 +1802,6 @@ static int axienet_probe(struct platform_device *pdev)
> if (IS_ERR(lp->dma_regs)) {
> dev_err(&pdev->dev, "could not map DMA regs\n");
> ret = PTR_ERR(lp->dma_regs);
> - of_node_put(np);
> goto free_netdev;
> }
> if ((lp->rx_irq <= 0) || (lp->tx_irq <= 0)) {
>
--
Robert Hancock
Senior Software Developer
SED Systems, a division of Calian Ltd.
Email: hanc...@sedsystems.ca
