kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   0b62bdb4751d0cd6898a3176acfedaa5d21e9d3a
  2.   patches.suse
  3.   phy-ti-am654-serdes-fix-an-use-after-free-in-serdes_.patch
Blob Blame History Raw 
From 3e644828421e31167bedd8dc4d291cdcc822ab20 Mon Sep 17 00:00:00 2001
From: Wen Yang <wen.yang99@zte.com.cn>
Date: Mon, 8 Jul 2019 14:19:05 +0800
Subject: [PATCH] phy: ti: am654-serdes: fix an use-after-free in serdes_am654_clk_register()
Git-commit: 3e644828421e31167bedd8dc4d291cdcc822ab20
Patch-mainline: v5.4-rc1
References: git-fixes

The regmap_node variable is still being used in the syscon_node_to_regmap()
call after the of_node_put() call, which may result in use-after-free.

Fixes: 71e2f5c5c224 ("phy: ti: Add a new SERDES driver for TI's AM654x SoC")
Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Kishon Vijay Abraham I <kishon@ti.com>
Cc: Roger Quadros <rogerq@ti.com>
Reviewed-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Acked-by: Takashi Iwai <tiwai@suse.de>

---
 drivers/phy/ti/phy-am654-serdes.c | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/drivers/phy/ti/phy-am654-serdes.c b/drivers/phy/ti/phy-am654-serdes.c
index f8edd0840fa2..f14f1f053a75 100644
--- a/drivers/phy/ti/phy-am654-serdes.c
+++ b/drivers/phy/ti/phy-am654-serdes.c
@@ -405,6 +405,7 @@ static int serdes_am654_clk_register(struct serdes_am654 *am654_phy,
 	const __be32 *addr;
 	unsigned int reg;
 	struct clk *clk;
+	int ret = 0;
 
 	mux = devm_kzalloc(dev, sizeof(*mux), GFP_KERNEL);
 	if (!mux)
@@ -413,34 +414,40 @@ static int serdes_am654_clk_register(struct serdes_am654 *am654_phy,
 	init = &mux->clk_data;
 
 	regmap_node = of_parse_phandle(node, "ti,serdes-clk", 0);
-	of_node_put(regmap_node);
 	if (!regmap_node) {
 		dev_err(dev, "Fail to get serdes-clk node\n");
-		return -ENODEV;
+		ret = -ENODEV;
+		goto out_put_node;
 	}
 
 	regmap = syscon_node_to_regmap(regmap_node->parent);
 	if (IS_ERR(regmap)) {
 		dev_err(dev, "Fail to get Syscon regmap\n");
-		return PTR_ERR(regmap);
+		ret = PTR_ERR(regmap);
+		goto out_put_node;
 	}
 
 	num_parents = of_clk_get_parent_count(node);
 	if (num_parents < 2) {
 		dev_err(dev, "SERDES clock must have parents\n");
-		return -EINVAL;
+		ret = -EINVAL;
+		goto out_put_node;
 	}
 
 	parent_names = devm_kzalloc(dev, (sizeof(char *) * num_parents),
 				    GFP_KERNEL);
-	if (!parent_names)
-		return -ENOMEM;
+	if (!parent_names) {
+		ret = -ENOMEM;
+		goto out_put_node;
+	}
 
 	of_clk_parent_fill(node, parent_names, num_parents);
 
 	addr = of_get_address(regmap_node, 0, NULL, NULL);
-	if (!addr)
-		return -EINVAL;
+	if (!addr) {
+		ret = -EINVAL;
+		goto out_put_node;
+	}
 
 	reg = be32_to_cpu(*addr);
 
@@ -456,12 +463,16 @@ static int serdes_am654_clk_register(struct serdes_am654 *am654_phy,
 	mux->hw.init = init;
 
 	clk = devm_clk_register(dev, &mux->hw);
-	if (IS_ERR(clk))
-		return PTR_ERR(clk);
+	if (IS_ERR(clk)) {
+		ret = PTR_ERR(clk);
+		goto out_put_node;
+	}
 
 	am654_phy->clks[clock_num] = clk;
 
-	return 0;
+out_put_node:
+	of_node_put(regmap_node);
+	return ret;
 }
 
 static const struct of_device_id serdes_am654_id_table[] = {
-- 
2.16.4
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.