net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup - user/sven/linux.git

diff options

author	Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>	2020-11-13 13:12:05 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-11-24 13:27:17 +0100
commit	af1b19b16b91b685ce2c093d7cd1f936c2fd7fd8 (patch)
tree	1e0c08ad52262e45d1ab94488cffaa4bf7679b0d /net
parent	32515a2761a8ca0502a95b994706d1fb20c58fd1 (diff)

net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup

[ Upstream commit fc70f5bf5e525dde81565f0a30d5e39168062eba ] During rmnet unregistration, the real device rx_handler is first cleared followed by the removal of rx_handler_data after the rcu synchronization. Any packets in the receive path may observe that the rx_handler is NULL. However, there is no check when dereferencing this value to use the rmnet_port information. This fixes following splat by adding the NULL check. Unable to handle kernel NULL pointer dereference at virtual address 000000000000000d pc : rmnet_rx_handler+0x124/0x284 lr : rmnet_rx_handler+0x124/0x284 rmnet_rx_handler+0x124/0x284 __netif_receive_skb_core+0x758/0xd74 __netif_receive_skb+0x50/0x17c process_backlog+0x15c/0x1b8 napi_poll+0x88/0x284 net_rx_action+0xbc/0x23c __do_softirq+0x20c/0x48c Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation") Signed-off-by: Sean Tranchetti <stranche@codeaurora.org> Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> Link: https://lore.kernel.org/r/1605298325-3705-1-git-send-email-subashab@codeaurora.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: