mlxsw: core: Fix use-after-free when flashing firmware during init
authorIdo Schimmel <idosch@mellanox.com>
Wed, 17 Oct 2018 08:05:45 +0000 (08:05 +0000)
committerDavid S. Miller <davem@davemloft.net>
Thu, 18 Oct 2018 05:25:45 +0000 (22:25 -0700)
commit9b3bc7db759e64c33471025721817467f8c3ecd4
tree3dab97b9c58de87c8587db412b4b43802b81ed06
parentc863850ce22e1b0bb365d49cadf51f4765153ae4
mlxsw: core: Fix use-after-free when flashing firmware during init

When the switch driver (e.g., mlxsw_spectrum) determines it needs to
flash a new firmware version it resets the ASIC after the flashing
process. The bus driver (e.g., mlxsw_pci) then registers itself again
with mlxsw_core which means (among other things) that the device
registers itself again with the hwmon subsystem again.

Since the device was registered with the hwmon subsystem using
devm_hwmon_device_register_with_groups(), then the old hwmon device
(registered before the flashing) was never unregistered and was
referencing stale data, resulting in a use-after free.

Fix by removing reliance on device managed APIs in mlxsw_hwmon_init().

Fixes: c86d62cc410c ("mlxsw: spectrum: Reset FW after flash")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reported-by: Alexander Petrovskiy <alexpe@mellanox.com>
Tested-by: Alexander Petrovskiy <alexpe@mellanox.com>
Reviewed-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/mellanox/mlxsw/core.c
drivers/net/ethernet/mellanox/mlxsw/core.h
drivers/net/ethernet/mellanox/mlxsw/core_hwmon.c