realtek: dsa: avoid use-after-free

The realtek target uses some functions marked __init for initialization.
However, that means they can only be called once when compiled in and
afterwards the memory occupied by them is freed and potentially reused.
Some "impossible" (code at a given location can't crash in the way it
does) crashes can be caused by this because upon re-execution of those
functions, garbage gets executed. Such re-execution can happen for
deferred probes or repeated probes.

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
Link: https://github.com/openwrt/openwrt/pull/21504
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

diff --git a/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/common.c b/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/common.c
index 09bafc8f26c59fc63809e0ea97fc0c130152be1b..a30748206791a4e3267c0bab11def68594992c35 100644 (file)
--- a/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/common.c
+++ b/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/common.c
@@ -255,7 +255,7 @@ static int rtldsa_bus_c45_write(struct mii_bus *bus, int addr, int devad, int re
        return mdiobus_c45_write_nested(priv->parent_bus, addr, devad, regnum, val);
 }
 
-static int __init rtl83xx_mdio_probe(struct rtl838x_switch_priv *priv)
+static int rtl83xx_mdio_probe(struct rtl838x_switch_priv *priv)
 {
        struct device_node *dn, *phy_node, *pcs_node, *led_node, *np, *mii_np;
        struct device *dev = priv->dev;
@@ -405,7 +405,7 @@ static int __init rtl83xx_mdio_probe(struct rtl838x_switch_priv *priv)
        return 0;
 }
 
-static int __init rtl83xx_get_l2aging(struct rtl838x_switch_priv *priv)
+static int rtl83xx_get_l2aging(struct rtl838x_switch_priv *priv)
 {
        int t = sw_r32(priv->r->l2_ctrl_1);
 
@@ -1391,7 +1391,7 @@ static int rtldsa_ethernet_loaded(struct platform_device *pdev)
        return ret;
 }
 
-static int __init rtl83xx_sw_probe(struct platform_device *pdev)
+static int rtl83xx_sw_probe(struct platform_device *pdev)
 {
        struct rtl838x_switch_priv *priv;
        struct device *dev = &pdev->dev;

diff --git a/target/linux/realtek/files-6.12/drivers/net/ethernet/rtl838x_eth.c b/target/linux/realtek/files-6.12/drivers/net/ethernet/rtl838x_eth.c
index c55e366bc3308aa293620ad6703e53d38618d4d3..c8d08a8ad9777af9f33f7215796f9bed9151e0ed 100644 (file)
--- a/target/linux/realtek/files-6.12/drivers/net/ethernet/rtl838x_eth.c
+++ b/target/linux/realtek/files-6.12/drivers/net/ethernet/rtl838x_eth.c
@@ -1647,7 +1647,7 @@ static const struct ethtool_ops rteth_ethtool_ops = {
        .set_link_ksettings = rteth_set_link_ksettings,
 };
 
-static int __init rtl838x_eth_probe(struct platform_device *pdev)
+static int rtl838x_eth_probe(struct platform_device *pdev)
 {
        struct net_device *dev;
        struct device_node *dn = pdev->dev.of_node;