diff options
| author | Chen Yufeng <chenyufeng@iie.ac.cn> | 2025-09-11 18:08:20 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-10-12 14:01:02 +0300 |
| commit | fd00cf38fd437c979f0e5905e3ebdfc3f55a4b96 (patch) | |
| tree | 031395182a6609cdd61ca1912e3760b77e97a5e0 /scripts/lib/kdoc/kdoc_parser.py | |
| parent | e3af7df1c5b8dff4a6ecbdff08f72e32fba7d374 (diff) | |
| download | linux-fd00cf38fd437c979f0e5905e3ebdfc3f55a4b96.tar.xz | |
can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
[ Upstream commit 6b696808472197b77b888f50bc789a3bae077743 ]
This issue is similar to the vulnerability in the `mcp251x` driver,
which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from
sleep before interface was brought up").
In the `hi311x` driver, when the device resumes from sleep, the driver
schedules `priv->restart_work`. However, if the network interface was
not previously enabled, the `priv->wq` (workqueue) is not allocated and
initialized, leading to a null pointer dereference.
To fix this, we move the allocation and initialization of the workqueue
from the `hi3110_open` function to the `hi3110_can_probe` function.
This ensures that the workqueue is properly initialized before it is
used during device resume. And added logic to destroy the workqueue
in the error handling paths of `hi3110_can_probe` and in the
`hi3110_can_remove` function to prevent resource leaks.
Signed-off-by: Chen Yufeng <chenyufeng@iie.ac.cn>
Link: https://patch.msgid.link/20250911150820.250-1-chenyufeng@iie.ac.cn
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'scripts/lib/kdoc/kdoc_parser.py')
0 files changed, 0 insertions, 0 deletions