This is a note to let you know that I've just added the patch titled
net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register()
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-dsa-bcm_sf2-fix-possible-memory-leak-in-bcm_sf2_mdio_register.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 61b40cefe51af005c72dbdcf975a3d166c6e6406 Mon Sep 17 00:00:00 2001
From: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
Date: Wed, 11 Oct 2023 11:24:19 +0800
Subject: net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register()
From: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
commit 61b40cefe51af005c72dbdcf975a3d166c6e6406 upstream.
In bcm_sf2_mdio_register(), the class_find_device() will call get_device()
to increment reference count for priv->master_mii_bus->dev if
of_mdio_find_bus() succeeds. If mdiobus_alloc() or mdiobus_register()
fails, it will call get_device() twice without decrement reference count
for the device. And it is the same if bcm_sf2_mdio_register() succeeds but
fails in bcm_sf2_sw_probe(), or if bcm_sf2_sw_probe() succeeds. If the
reference count has not decremented to zero, the dev related resource will
not be freed.
So remove the get_device() in bcm_sf2_mdio_register(), and call
put_device() if mdiobus_alloc() or mdiobus_register() fails and in
bcm_sf2_mdio_unregister() to solve the issue.
And as Simon suggested, unwind from errors for bcm_sf2_mdio_register() and
just return 0 if it succeeds to make it cleaner.
Fixes: 461cd1b03e32 ("net: dsa: bcm_sf2: Register our slave MDIO bus")
Signed-off-by: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
Suggested-by: Simon Horman <horms@xxxxxxxxxx>
Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
Reviewed-by: Florian Fainelli <florian.fainelli@xxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20231011032419.2423290-1-ruanjinjie@xxxxxxxxxx
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/dsa/bcm_sf2.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
--- a/drivers/net/dsa/bcm_sf2.c
+++ b/drivers/net/dsa/bcm_sf2.c
@@ -497,17 +497,16 @@ static int bcm_sf2_mdio_register(struct
dn = of_find_compatible_node(NULL, NULL, "brcm,unimac-mdio");
priv->master_mii_bus = of_mdio_find_bus(dn);
if (!priv->master_mii_bus) {
- of_node_put(dn);
- return -EPROBE_DEFER;
+ err = -EPROBE_DEFER;
+ goto err_of_node_put;
}
- get_device(&priv->master_mii_bus->dev);
priv->master_mii_dn = dn;
priv->slave_mii_bus = mdiobus_alloc();
if (!priv->slave_mii_bus) {
- of_node_put(dn);
- return -ENOMEM;
+ err = -ENOMEM;
+ goto err_put_master_mii_bus_dev;
}
priv->slave_mii_bus->priv = priv;
@@ -564,11 +563,17 @@ static int bcm_sf2_mdio_register(struct
}
err = mdiobus_register(priv->slave_mii_bus);
- if (err && dn) {
- mdiobus_free(priv->slave_mii_bus);
- of_node_put(dn);
- }
+ if (err && dn)
+ goto err_free_slave_mii_bus;
+
+ return 0;
+err_free_slave_mii_bus:
+ mdiobus_free(priv->slave_mii_bus);
+err_put_master_mii_bus_dev:
+ put_device(&priv->master_mii_bus->dev);
+err_of_node_put:
+ of_node_put(dn);
return err;
}
@@ -576,6 +581,7 @@ static void bcm_sf2_mdio_unregister(stru
{
mdiobus_unregister(priv->slave_mii_bus);
mdiobus_free(priv->slave_mii_bus);
+ put_device(&priv->master_mii_bus->dev);
of_node_put(priv->master_mii_dn);
}
Patches currently in stable-queue which might be from ruanjinjie@xxxxxxxxxx are
queue-5.10/arm64-factor-insn-read-out-of-call_undef_hook.patch
queue-5.10/arm64-rework-el0-mrs-emulation.patch
queue-5.10/arm64-die-pass-err-as-long.patch
queue-5.10/arm64-armv8_deprecated-rework-deprected-instruction-handling.patch
queue-5.10/arm64-armv8_deprecated-fix-unused-function-error.patch
queue-5.10/arm64-armv8_deprecated-move-aarch32-helper-earlier.patch
queue-5.10/arm64-consistently-pass-esr_elx-to-die.patch
queue-5.10/arm64-factor-out-el1-ssbs-emulation-hook.patch
queue-5.10/arm64-report-el1-undefs-better.patch
queue-5.10/arm64-armv8_deprecated-fold-ops-into-insn_emulation.patch
queue-5.10/arm64-rework-bti-exception-handling.patch
queue-5.10/arm64-rework-fpac-exception-handling.patch
queue-5.10/arm64-split-el0-el1-undef-handlers.patch
queue-5.10/net-dsa-bcm_sf2-fix-possible-memory-leak-in-bcm_sf2_mdio_register.patch
queue-5.10/arm64-allow-kprobes-on-el0-handlers.patch
queue-5.10/arm64-armv8_deprecated-move-emulation-functions.patch
