linux/drivers/bcma
Zenghui Yu b63aed3ff1 bcma: Fix memory leak for internally-handled cores
kmemleak reported that dev_name() of internally-handled cores were leaked
on driver unbinding. Let's use device_initialize() to take refcounts for
them and put_device() to properly free the related stuff.

While looking at it, there's another potential issue for those which should
be *registered* into driver core. If device_register() failed, we put
device once and freed bcma_device structures. In bcma_unregister_cores(),
they're treated as unregistered and we hit both UAF and double-free. That
smells not good and has also been fixed now.

Fixes: ab54bc8460 ("bcma: fill core details for every device")
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210727025232.663-2-yuzenghui@huawei.com
2021-08-29 14:44:57 +03:00
..
bcma_private.h bcma: use dev_* printing functions 2019-01-10 13:39:19 +02:00
core.c bcma: update core (en|dis)abling functions 2013-06-17 14:38:53 -04:00
driver_chipcommon_b.c remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
driver_chipcommon_nflash.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2013-02-14 14:23:33 -05:00
driver_chipcommon_pflash.c bcma: move parallel flash support to separated file 2016-03-07 14:41:08 +02:00
driver_chipcommon_pmu.c bcma: fix block comment style 2019-10-24 08:45:31 +03:00
driver_chipcommon_sflash.c mtd: bcm47xxsflash: use ioremap_cache() instead of KSEG0ADDR() 2016-04-04 00:07:57 -07:00
driver_chipcommon.c Revert "bcma: init serial console directly from ChipCommon code" 2017-01-17 14:23:44 +02:00
driver_gmac_cmn.c Drivers: bcma: remove __dev* attributes. 2013-01-03 15:57:15 -08:00
driver_gpio.c bcma: gpio: Use irqchip template 2020-08-02 18:26:51 +03:00
driver_mips.c bcma: remove unused function 2021-04-18 09:36:56 +03:00
driver_pci_host.c bcma: use semicolons rather than commas to separate statements 2020-10-01 16:23:50 +03:00
driver_pci.c bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA 2019-09-03 16:44:02 +03:00
driver_pcie2.c bcma: Adjust block comment 2017-12-07 15:33:02 +02:00
host_pci.c bcma: Use dev_get_drvdata 2019-08-06 15:25:28 +03:00
host_soc.c remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
Kconfig bcma: Allow selection of this driver when COMPILE_TEST=y 2018-07-18 09:34:19 +02:00
main.c bcma: Fix memory leak for internally-handled cores 2021-08-29 14:44:57 +03:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
README
scan.c drivers: bcma: remove set but not used variable addrh and sizeh 2020-08-02 18:26:18 +03:00
scan.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sprom.c bcma: make arrays pwr_info_offset and sprom_sizes static const, shrinks object size 2019-09-13 16:44:49 +03:00
TODO

Broadcom introduced new bus as replacement for older SSB. It is based on AMBA,
however from programming point of view there is nothing AMBA specific we use.

Standard AMBA drivers are platform specific, have hardcoded addresses and use
AMBA standard fields like CID and PID.

In case of Broadcom's cards every device consists of:
1) Broadcom specific AMBA device. It is put on AMBA bus, but can not be treated
   as standard AMBA device. Reading it's CID or PID can cause machine lockup.
2) AMBA standard devices called ports or wrappers. They have CIDs (AMBA_CID)
   and PIDs (0x103BB369), but we do not use that info for anything. One of that
   devices is used for managing Broadcom specific core.

Addresses of AMBA devices are not hardcoded in driver and have to be read from
EPROM.

In this situation we decided to introduce separated bus. It can contain up to
16 devices identified by Broadcom specific fields: manufacturer, id, revision
and class.