CVE-2022-48814

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: dsa: seville: register the mdiobus under devres<br /> <br /> As explained in commits:<br /> 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")<br /> 5135e96a3dd2 ("net: dsa: don&amp;#39;t allocate the slave_mii_bus using devres")<br /> <br /> mdiobus_free() will panic when called from devm_mdiobus_free() shutdown) do not apply. But there is one more which<br /> applies here.<br /> <br /> If the DSA master itself is on a bus that calls -&gt;remove from -&gt;shutdown<br /> (like dpaa2-eth, which is on the fsl-mc bus), there is a device link<br /> between the switch and the DSA master, and device_links_unbind_consumers()<br /> will unbind the seville switch driver on shutdown.<br /> <br /> So the same treatment must be applied to all DSA switch drivers, which<br /> is: either use devres for both the mdiobus allocation and registration,<br /> or don&amp;#39;t use devres at all.<br /> <br /> The seville driver has a code structure that could accommodate both the<br /> mdiobus_unregister and mdiobus_free calls, but it has an external<br /> dependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls<br /> devm_mdiobus_alloc_size() on its behalf. So rather than restructuring<br /> that, and exporting yet one more symbol mscc_miim_teardown(), let&amp;#39;s work<br /> with devres and replace of_mdiobus_register with the devres variant.<br /> When we use all-devres, we can ensure that devres doesn&amp;#39;t free a<br /> still-registered bus (it either runs both callbacks, or none).