[U-Boot] [PATCH] phy: Fix u-boot coruption when fixed-phy is used
Michal Simek
michal.simek at xilinx.com
Wed Dec 19 15:57:38 UTC 2018
When fixed-link phy is used subnode offset is used as phy address. This
number is bigger then space allocated for bus structure (allocated via
mdio_alloc).
bus->phymap[] array has PHY_MAX_ADDR size (32).
That's why writing bus->phymap[addr] where addr is < 0 or > PHY_MAX_ADDR
is causing write to memory which can caused full U-Boot crash.
The patch is checking if address is in correct range.
Signed-off-by: Michal Simek <michal.simek at xilinx.com>
---
search_for_existing_phy() is using this array but there is if check
already that's why it shouldn't be a big deal.
---
drivers/net/phy/phy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/phy/phy.c b/drivers/net/phy/phy.c
index e837eb7688cc..cda4caa8034d 100644
--- a/drivers/net/phy/phy.c
+++ b/drivers/net/phy/phy.c
@@ -656,7 +656,8 @@ static struct phy_device *phy_device_create(struct mii_dev *bus, int addr,
phy_probe(dev);
- bus->phymap[addr] = dev;
+ if (addr >= 0 && addr < PHY_MAX_ADDR)
+ bus->phymap[addr] = dev;
return dev;
}
--
1.9.1
More information about the U-Boot
mailing list