Re: [PATCH] net: axienet: fix a potential double free in axienet_probe()
From: Robert Hancock
Date: Mon Jul 08 2019 - 12:03:32 EST
On 2019-07-05 9:38 p.m., Wen Yang wrote:
> There is a possible use-after-free issue in the axienet_probe():
>
> 1701: np = of_parse_phandle(pdev->dev.of_node, "axistream-connected", 0);
> 1702: if (np) {
> ...
> 1787: of_node_put(np); ---> released here
> 1788: lp->eth_irq = platform_get_irq(pdev, 0);
> 1789: } else {
> ...
> 1801: }
> 1802: if (IS_ERR(lp->dma_regs)) {
> ...
> 1805: of_node_put(np); ---> double released here
> 1806: goto free_netdev;
> 1807: }
>
> We solve this problem by removing the unnecessary of_node_put().
>
> Fixes: 28ef9ebdb64c ("net: axienet: make use of axistream-connected attribute optional")
> Signed-off-by: Wen Yang <wen.yang99@xxxxxxxxxx>
> Cc: Anirudha Sarangi <anirudh@xxxxxxxxxx>
> Cc: John Linn <John.Linn@xxxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Michal Simek <michal.simek@xxxxxxxxxx>
> Cc: Robert Hancock <hancock@xxxxxxxxxxxxx>
> Cc: netdev@xxxxxxxxxxxxxxx
> Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
Yes, looks valid.
Reviewed-by: Robert Hancock <hancock@xxxxxxxxxxxxx>
> ---
> drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> index 561e28a..4fc627f 100644
> --- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> +++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> @@ -1802,7 +1802,6 @@ static int axienet_probe(struct platform_device *pdev)
> if (IS_ERR(lp->dma_regs)) {
> dev_err(&pdev->dev, "could not map DMA regs\n");
> ret = PTR_ERR(lp->dma_regs);
> - of_node_put(np);
> goto free_netdev;
> }
> if ((lp->rx_irq <= 0) || (lp->tx_irq <= 0)) {
>
--
Robert Hancock
Senior Software Developer
SED Systems, a division of Calian Ltd.
Email: hancock@xxxxxxxxxxxxx