kernel_optimize_test/drivers/bcma
Zenghui Yu e68128e078 bcma: Fix memory leak for internally-handled cores
[ Upstream commit b63aed3ff195130fef12e0af590f4838cf0201d8 ]

kmemleak reported that dev_name() of internally-handled cores were leaked
on driver unbinding. Let's use device_initialize() to take refcounts for
them and put_device() to properly free the related stuff.

While looking at it, there's another potential issue for those which should
be *registered* into driver core. If device_register() failed, we put
device once and freed bcma_device structures. In bcma_unregister_cores(),
they're treated as unregistered and we hit both UAF and double-free. That
smells not good and has also been fixed now.

Fixes: ab54bc8460 ("bcma: fill core details for every device")
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210727025232.663-2-yuzenghui@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-15 09:50:45 +02:00
..
bcma_private.h
core.c
driver_chipcommon_b.c remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
driver_chipcommon_nflash.c
driver_chipcommon_pflash.c
driver_chipcommon_pmu.c bcma: fix block comment style 2019-10-24 08:45:31 +03:00
driver_chipcommon_sflash.c
driver_chipcommon.c
driver_gmac_cmn.c
driver_gpio.c bcma: gpio: Use irqchip template 2020-08-02 18:26:51 +03:00
driver_mips.c
driver_pci_host.c bcma: use semicolons rather than commas to separate statements 2020-10-01 16:23:50 +03:00
driver_pci.c bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA 2019-09-03 16:44:02 +03:00
driver_pcie2.c
host_pci.c
host_soc.c remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
Kconfig
main.c bcma: Fix memory leak for internally-handled cores 2021-09-15 09:50:45 +02:00
Makefile
README
scan.c drivers: bcma: remove set but not used variable addrh and sizeh 2020-08-02 18:26:18 +03:00
scan.h
sprom.c bcma: make arrays pwr_info_offset and sprom_sizes static const, shrinks object size 2019-09-13 16:44:49 +03:00
TODO

Broadcom introduced new bus as replacement for older SSB. It is based on AMBA,
however from programming point of view there is nothing AMBA specific we use.

Standard AMBA drivers are platform specific, have hardcoded addresses and use
AMBA standard fields like CID and PID.

In case of Broadcom's cards every device consists of:
1) Broadcom specific AMBA device. It is put on AMBA bus, but can not be treated
   as standard AMBA device. Reading it's CID or PID can cause machine lockup.
2) AMBA standard devices called ports or wrappers. They have CIDs (AMBA_CID)
   and PIDs (0x103BB369), but we do not use that info for anything. One of that
   devices is used for managing Broadcom specific core.

Addresses of AMBA devices are not hardcoded in driver and have to be read from
EPROM.

In this situation we decided to introduce separated bus. It can contain up to
16 devices identified by Broadcom specific fields: manufacturer, id, revision
and class.