net: phy: Avoid NPD upon phy_detach() when driver is unbound

[ Upstream commit c2b727df7caa33876e7066bde090f40001b6d643 ]

If we have unbound the PHY driver prior to calling phy_detach() (often
via phy_disconnect()) then we can cause a NULL pointer de-reference
accessing the driver owner member. The steps to reproduce are:

echo unimac-mdio-0:01 > /sys/class/net/eth0/phydev/driver/unbind
ip link set eth0 down

Fixes: cafe8df8b9bc ("net: phy: Fix lack of reference count on PHY driver")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c
index 2f55873060220aa44df7d5141a108092ab345b10..a3ba95e96695e556edf6ed2c4f6385e061d91e94 100644 (file)
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -1013,7 +1013,8 @@ void phy_detach(struct phy_device *phydev)
        phydev->attached_dev = NULL;
        phy_suspend(phydev);
 
-       module_put(phydev->mdio.dev.driver->owner);
+       if (phydev->mdio.dev.driver)
+               module_put(phydev->mdio.dev.driver->owner);
 
        /* If the device had no specific driver before (i.e. - it
         * was using the generic driver), we unbind the device