From 94114d90037fe730bab5ea76d388bc294034fa39 Mon Sep 17 00:00:00 2001 From: "Russell King (Oracle)" Date: Thu, 7 Oct 2021 14:23:27 +0100 Subject: [PATCH] net: mdio: ensure the type of mdio devices match mdio drivers On the MDIO bus, we have PHYLIB devices and drivers, and we have non- PHYLIB devices and drivers. PHYLIB devices are MDIO devices that are wrapped with a struct phy_device. Trying to bind a MDIO device with a PHYLIB driver results in out-of- bounds accesses as we attempt to access struct phy_device members. So, let's prevent this by ensuring that the type of the MDIO device (indicated by the MDIO_DEVICE_FLAG_PHY flag) matches the type of the MDIO driver (indicated by the MDIO_DEVICE_IS_PHY flag.) Link: https://lore.kernel.org/r/2b1dc053-8c9a-e3e4-b450-eecdfca3fe16@gmail.com Tested-by: Andrew Lunn Reviewed-by: Andrew Lunn Signed-off-by: Russell King (Oracle) Signed-off-by: David S. Miller --- drivers/net/phy/mdio_bus.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c index daf8356b54f3..c204067f1890 100644 --- a/drivers/net/phy/mdio_bus.c +++ b/drivers/net/phy/mdio_bus.c @@ -971,8 +971,14 @@ EXPORT_SYMBOL_GPL(mdiobus_modify_changed); */ static int mdio_bus_match(struct device *dev, struct device_driver *drv) { + struct mdio_driver *mdiodrv = to_mdio_driver(drv); struct mdio_device *mdio = to_mdio_device(dev); + /* Both the driver and device must type-match */ + if (!(mdiodrv->mdiodrv.flags & MDIO_DEVICE_IS_PHY) != + !(mdio->flags & MDIO_DEVICE_FLAG_PHY)) + return 0; + if (of_driver_match_device(dev, drv)) return 1; -- 2.11.0