From: Ido Schimmel <ido...@mellanox.com>
Date: Wed, 17 Oct 2018 08:05:45 +0000
> When the switch driver (e.g., mlxsw_spectrum) determines it needs to
> flash a new firmware version it resets the ASIC after the flashing
> process. The bus driver (e.g., mlxsw_pci) then registers itself again
> with mlxsw_core which means (among other things) that the device
> registers itself again with the hwmon subsystem again.
>
> Since the device was registered with the hwmon subsystem using
> devm_hwmon_device_register_with_groups(), then the old hwmon device
> (registered before the flashing) was never unregistered and was
> referencing stale data, resulting in a use-after free.
>
> Fix by removing reliance on device managed APIs in mlxsw_hwmon_init().
>
> Fixes: c86d62cc410c ("mlxsw: spectrum: Reset FW after flash")
> Signed-off-by: Ido Schimmel <ido...@mellanox.com>
> Reported-by: Alexander Petrovskiy <ale...@mellanox.com>
> Tested-by: Alexander Petrovskiy <ale...@mellanox.com>
> Reviewed-by: Petr Machata <pe...@mellanox.com>
Applied.
