[PATCH 5.10 104/125] net: qcom/emac: fix UAF in emac_remove
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: 2021-07-22 16:42:08
Also in:
lkml
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: 2021-07-22 16:42:08
Also in:
lkml
From: Pavel Skripkin <redacted>
commit ad297cd2db8953e2202970e9504cab247b6c7cb4 upstream.
adpt is netdev private data and it cannot be
used after free_netdev() call. Using adpt after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() at the end of the
function.
Fixes: 54e19bc74f33 ("net: qcom/emac: do not use devm on internal phy pdev")
Signed-off-by: Pavel Skripkin <redacted>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/qualcomm/emac/emac.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/qualcomm/emac/emac.c
+++ b/drivers/net/ethernet/qualcomm/emac/emac.c@@ -735,12 +735,13 @@ static int emac_remove(struct platform_d put_device(&adpt->phydev->mdio.dev); mdiobus_unregister(adpt->mii_bus); - free_netdev(netdev); if (adpt->phy.digital) iounmap(adpt->phy.digital); iounmap(adpt->phy.base); + free_netdev(netdev); + return 0; }