[U-Boot] [PATCH] phy: Fix u-boot coruption when fixed-phy is used
Stefan Roese
sr at denx.de
Thu Dec 20 13:13:03 UTC 2018
On 19.12.18 16:57, Michal Simek wrote:
> When fixed-link phy is used subnode offset is used as phy address. This
> number is bigger then space allocated for bus structure (allocated via
> mdio_alloc).
> bus->phymap[] array has PHY_MAX_ADDR size (32).
> That's why writing bus->phymap[addr] where addr is < 0 or > PHY_MAX_ADDR
> is causing write to memory which can caused full U-Boot crash.
>
> The patch is checking if address is in correct range.
>
> Signed-off-by: Michal Simek <michal.simek at xilinx.com>
> ---
>
> search_for_existing_phy() is using this array but there is if check
> already that's why it shouldn't be a big deal.
>
> ---
> drivers/net/phy/phy.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/phy/phy.c b/drivers/net/phy/phy.c
> index e837eb7688cc..cda4caa8034d 100644
> --- a/drivers/net/phy/phy.c
> +++ b/drivers/net/phy/phy.c
> @@ -656,7 +656,8 @@ static struct phy_device *phy_device_create(struct mii_dev *bus, int addr,
>
> phy_probe(dev);
>
> - bus->phymap[addr] = dev;
> + if (addr >= 0 && addr < PHY_MAX_ADDR)
> + bus->phymap[addr] = dev;
How about adding some error / warning print in the else path here?
Thanks,
Stefan
More information about the U-Boot
mailing list