lpc_eth: kernel BUG on remove

We may have found a bug in the nxp/lpc_eth.c driver. The function
platform_set_drvdata() is called twice, the second time it is called,
in lpc_mii_init(), it overwrites the struct net_device which should be
at pdev->dev->driver_data with pldat->mii_bus. When trying to remove
the driver, in lpc_eth_drv_remove(), platform_get_drvdata() will
return the pldat->mii_bus pointer and try to use it as a struct
net_device pointer. This causes unregister_netdev to segfault and
generate a kernel BUG. Is this reproducible?

Signed-off-by: Daniel Martinez <linux@danielsmartinez.com>
Signed-off-by: Bruno Carneiro da Cunha <brunocarneirodacunha@usp.br>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/nxp/lpc_eth.c b/drivers/net/ethernet/nxp/lpc_eth.c
index ebb81d6..6561692 100644 (file)
--- a/drivers/net/ethernet/nxp/lpc_eth.c
+++ b/drivers/net/ethernet/nxp/lpc_eth.c
@@ -817,8 +817,6 @@ static int lpc_mii_init(struct netdata_local *pldat)
        pldat->mii_bus->priv = pldat;
        pldat->mii_bus->parent = &pldat->pdev->dev;
 
-       platform_set_drvdata(pldat->pdev, pldat->mii_bus);
-
        node = of_get_child_by_name(pldat->pdev->dev.of_node, "mdio");
        err = of_mdiobus_register(pldat->mii_bus, node);
        of_node_put(node);