diff options
author | Qinglang Miao <miaoqinglang@huawei.com> | 2021-01-05 13:57:54 +0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2021-01-05 16:50:09 -0800 |
commit | 4beb17e553b49c3dd74505c9f361e756aaae653e (patch) | |
tree | 9914a730f6d332f64b770a3285d03303b54857e3 /net/qrtr/qrtr.h | |
parent | 7a68d725e4ea384977445e0bcaed3d7de83ab5b3 (diff) | |
download | linux-4beb17e553b49c3dd74505c9f361e756aaae653e.tar.gz linux-4beb17e553b49c3dd74505c9f361e756aaae653e.tar.bz2 linux-4beb17e553b49c3dd74505c9f361e756aaae653e.zip |
net: qrtr: fix null-ptr-deref in qrtr_ns_remove
A null-ptr-deref bug is reported by Hulk Robot like this:
--------------
KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]
Call Trace:
qrtr_ns_remove+0x22/0x40 [ns]
qrtr_proto_fini+0xa/0x31 [qrtr]
__x64_sys_delete_module+0x337/0x4e0
do_syscall_64+0x34/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x468ded
--------------
When qrtr_ns_init fails in qrtr_proto_init, qrtr_ns_remove which would
be called later on would raise a null-ptr-deref because qrtr_ns.workqueue
has been destroyed.
Fix it by making qrtr_ns_init have a return value and adding a check in
qrtr_proto_init.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/qrtr/qrtr.h')
-rw-r--r-- | net/qrtr/qrtr.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/qrtr/qrtr.h b/net/qrtr/qrtr.h index dc2b67f17927..3f2d28696062 100644 --- a/net/qrtr/qrtr.h +++ b/net/qrtr/qrtr.h @@ -29,7 +29,7 @@ void qrtr_endpoint_unregister(struct qrtr_endpoint *ep); int qrtr_endpoint_post(struct qrtr_endpoint *ep, const void *data, size_t len); -void qrtr_ns_init(void); +int qrtr_ns_init(void); void qrtr_ns_remove(void); |