| Message ID | E1mWFLN-000fYQ-Cl@rmk-PC.armlinux.org.uk (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [RFT,v2,net-next] net: mdio: ensure the type of mdio devices match mdio drivers | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net-next |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | warning | 1 maintainers not CCed: linux@armlinux.org.uk |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 14 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
| netdev/header_inline | success | Link |
On Fri, Oct 01, 2021 at 11:00:41AM +0100, Russell King (Oracle) wrote: > On the MDIO bus, we have PHYLIB devices and drivers, and we have non- > PHYLIB devices and drivers. PHYLIB devices are MDIO devices that are > wrapped with a struct phy_device. > > Trying to bind a MDIO device with a PHYLIB driver results in out-of- > bounds accesses as we attempt to access struct phy_device members. So, > let's prevent this by ensuring that the type of the MDIO device > (indicated by the MDIO_DEVICE_FLAG_PHY flag) matches the type of the > MDIO driver (indicated by the MDIO_DEVICE_IS_PHY flag.) > > Link: https://lore.kernel.org/r/2b1dc053-8c9a-e3e4-b450-eecdfca3fe16@gmail.com > Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Tested-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Andrew
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c index 53f034fc2ef7..3a36b463c22a 100644 --- a/drivers/net/phy/mdio_bus.c +++ b/drivers/net/phy/mdio_bus.c @@ -938,8 +938,14 @@ EXPORT_SYMBOL_GPL(mdiobus_modify); */ static int mdio_bus_match(struct device *dev, struct device_driver *drv) { + struct mdio_driver *mdiodrv = to_mdio_driver(drv); struct mdio_device *mdio = to_mdio_device(dev); + /* Both the driver and device must type-match */ + if (!(mdiodrv->mdiodrv.flags & MDIO_DEVICE_IS_PHY) != + !(mdio->flags & MDIO_DEVICE_FLAG_PHY)) + return 0; + if (of_driver_match_device(dev, drv)) return 1;
On the MDIO bus, we have PHYLIB devices and drivers, and we have non- PHYLIB devices and drivers. PHYLIB devices are MDIO devices that are wrapped with a struct phy_device. Trying to bind a MDIO device with a PHYLIB driver results in out-of- bounds accesses as we attempt to access struct phy_device members. So, let's prevent this by ensuring that the type of the MDIO device (indicated by the MDIO_DEVICE_FLAG_PHY flag) matches the type of the MDIO driver (indicated by the MDIO_DEVICE_IS_PHY flag.) Link: https://lore.kernel.org/r/2b1dc053-8c9a-e3e4-b450-eecdfca3fe16@gmail.com Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> --- Tested locally in SolidRun Clearfog, DSA switch and PHY get probed correctly. Further testing welcomed. v2: dead christmas tree ordering. drivers/net/phy/mdio_bus.c | 6 ++++++ 1 file changed, 6 insertions(+)