a2ea279ba9844ee56dc80ec67ac54669482c8931

In rmnet powersave work, rmnet_get_packets() could access NULL dev pointer if rmnet_dellink() is nullifying the dev pointer at the same time.

18377 [ 72.651710][ T1527] Unable to handle kernel NULL pointer dereference at virtual address 00000000000009d0
18424 [ 72.653999][ T1527] Call trace:
18425 [ 72.654085][ T1527] rmnet_get_packets+0xc4/0x11c [rmnet_core]
18426 [ 72.654170][ T1527] qmi_rmnet_check_stats_2+0x80/0x410 [rmnet_core]
18427 [ 72.654180][ T1527] process_one_work+0x260/0x804

This change uses the rcu variant of the hlist traversal function in rmnet_get_packet for safe concurrency with the hlist del primitives. It also checks dev pointer before accessing the dev private structure.

The existing synchronize rcu call in rmnet_dellink ensures that the ep and dev structure are not freed while being referenced in rcu read session of rmnet_get_packets.

Change-Id: Ib5f5aff6e76f9fffd9110a2aa924ad6ab090991f
Signed-off-by: Weiyi Chen <quic_weiyic@quicinc.com>
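The reader-side pattern the commit message describes, as an added userspace model in C11 atomics; it is not the commit's code, and every `model_*` name and structure is hypothetical. The reader loads the dev pointer once and skips the endpoint when it is NULL, while the unlink path leaves the removed node's next pointer intact so a reader standing on it can finish the walk.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model with hypothetical names; not the rmnet structures. */
struct model_dev { uint64_t rx_pkts; };
struct model_ep {
    _Atomic(struct model_dev *) dev;  /* cleared by the unlink path */
    _Atomic(struct model_ep *) next;  /* kept intact on removal */
};
static _Atomic(struct model_ep *) ep_head;

void model_add(struct model_ep *ep, struct model_dev *dev)
{
    atomic_init(&ep->dev, dev);
    atomic_init(&ep->next, atomic_load(&ep_head));
    atomic_store_explicit(&ep_head, ep, memory_order_release);
}

/* Reader body; in the kernel this runs between rcu_read_lock() and
 * rcu_read_unlock(). 'ep' is wherever the reader currently stands. */
uint64_t model_count_from(struct model_ep *ep)
{
    uint64_t total = 0;
    for (; ep; ep = atomic_load_explicit(&ep->next, memory_order_acquire)) {
        /* Load dev once; test and dereference the same snapshot. */
        struct model_dev *dev =
            atomic_load_explicit(&ep->dev, memory_order_acquire);
        if (!dev)
            continue;  /* unlink in progress: skip this endpoint */
        total += dev->rx_pkts;
    }
    return total;
}

uint64_t model_get_packets(void)
{
    return model_count_from(atomic_load_explicit(&ep_head, memory_order_acquire));
}

/* Writer: clear dev, then unlink without touching victim->next. */
void model_dellink(struct model_ep *victim)
{
    _Atomic(struct model_ep *) *pp = &ep_head;
    struct model_ep *cur;

    atomic_store_explicit(&victim->dev, NULL, memory_order_release);
    while ((cur = atomic_load(pp)) != NULL && cur != victim)
        pp = &cur->next;
    if (cur)
        atomic_store_explicit(pp, atomic_load(&victim->next), memory_order_release);
    /* Kernel: synchronize_rcu() here, and only then free ep and dev. */
}
```

Calling `model_count_from()` on an already unlinked endpoint reproduces the reader that was mid-walk when the unlink ran: it skips the NULL dev and continues down the list.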