__mdiobus_register() can fail between calling device_register() and
setting bus->state to MDIOBUS_REGISTERED. When this happens the caller
will call mdiobus_free() which then frees the mdio bus structure. This
is not allowed as the embedded struct device is already registered, thus
must be freed by dropping the reference count using put_device(). To
accomplish this, set bus->state to MDIOBUS_UNREGISTERED after having
registered the device. With this, mdiobus_free() correctly calls
put_device() instead of freeing the mdio bus structure directly.

Signed-off-by: Sascha Hauer <s.ha...@pengutronix.de>
---
 drivers/net/phy/mdio_bus.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index 0af20faad69d..85cbaab4a591 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -540,6 +540,8 @@ int __mdiobus_register(struct mii_bus *bus, struct module 
*owner)
                return -EINVAL;
        }
 
+       bus->state = MDIOBUS_UNREGISTERED;
+
        mutex_init(&bus->mdio_lock);
        mutex_init(&bus->shared_lock);
 
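Review bot: the new assignment of MDIOBUS_UNREGISTERED ahead of the mutex_init() calls carries no comment, and on its own it reads as a redundant reset rather than the point from which mdiobus_free() must use put_device(). A short comment above it, stating that the embedded device is registered from here on and that later error returns rely on this state, would keep the line from being moved or dropped in a later cleanup. The return -EINVAL directly above it still exits without touching bus->state, so the commit message should say whether that path is meant to be covered by this change or is left as is. A Fixes: tag is also missing from the message, which matters for a lifetime fix that stable trees would want.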
-- 
2.28.0
