diff options
| author | Chen Yufeng <[email protected]> | 2025-09-11 15:08:20 +0000 |
|---|---|---|
| committer | Marc Kleine-Budde <[email protected]> | 2025-09-19 16:59:15 +0000 |
| commit | 6b696808472197b77b888f50bc789a3bae077743 (patch) | |
| tree | 8828245f6199c78b12a5e8413d1fdc9a28abf3e1 /lib/net_utils.c | |
| parent | Merge tag 'net-6.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/net... (diff) | |
| download | kernel-6b696808472197b77b888f50bc789a3bae077743.tar.gz kernel-6b696808472197b77b888f50bc789a3bae077743.zip | |
can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
This issue is similar to the vulnerability in the `mcp251x` driver,
which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from
sleep before interface was brought up").
In the `hi311x` driver, when the device resumes from sleep, the driver
schedules `priv->restart_work`. However, if the network interface was
not previously enabled, the `priv->wq` (workqueue) is not allocated and
initialized, leading to a null pointer dereference.
To fix this, we move the allocation and initialization of the workqueue
from the `hi3110_open` function to the `hi3110_can_probe` function.
This ensures that the workqueue is properly initialized before it is
used during device resume. And added logic to destroy the workqueue
in the error handling paths of `hi3110_can_probe` and in the
`hi3110_can_remove` function to prevent resource leaks.
Signed-off-by: Chen Yufeng <[email protected]>
Link: https://patch.msgid.link/[email protected]
Signed-off-by: Marc Kleine-Budde <[email protected]>
Diffstat (limited to 'lib/net_utils.c')
0 files changed, 0 insertions, 0 deletions