In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921e: fix rmmod crash in driver reload test
In the insmod/rmmod stress test, the following crash dump shows up immediately. The problem is caused by missing mt76_dev in mt7921_pci_remove(). We should make sure the drvdata is ready before probe() finishes.
[168.862789] ==================================================================
[168.862797] BUG: KASAN: user-memory-access in try_to_grab_pending+0x59/0x480
[168.862805] Write of size 8 at addr 0000000000006df0 by task rmmod/5361
[168.862812] CPU: 7 PID: 5361 Comm: rmmod Tainted: G OE 5.19.0-rc6 #1
[168.862816] Hardware name: Intel(R) Client Systems NUC8i7BEH/NUC8BEB, 05/04/2020
[168.862820] Call Trace:
[168.862822] <TASK>
[168.862825] dump_stack_lvl+0x49/0x63
[168.862832] print_report.cold+0x493/0x6b7
[168.862845] kasan_report+0xa7/0x120
[168.862857] kasan_check_range+0x163/0x200
[168.862861] __kasan_check_write+0x14/0x20
[168.862866] try_to_grab_pending+0x59/0x480
[168.862870] __cancel_work_timer+0xbb/0x340
[168.862898] cancel_work_sync+0x10/0x20
[168.862902] mt7921_pci_remove+0x61/0x1c0 [mt7921e]
[168.862909] pci_device_remove+0xa3/0x1d0
[168.862914] device_remove+0xc4/0x170
[168.862920] device_release_driver_internal+0x163/0x300
[168.862925] driver_detach+0xc7/0x1a0
[168.862930] bus_remove_driver+0xeb/0x2d0
[168.862935] driver_unregister+0x71/0xb0
[168.862939] pci_unregister_driver+0x30/0x230
[168.862944] mt7921_pci_driver_exit+0x10/0x1b [mt7921e]
[168.862949] __x64_sys_delete_module+0x2f9/0x4b0
[168.862968] do_syscall_64+0x38/0x90
[168.862973] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Test steps:
1. insmod
2. do not ifup
3. rmmod quickly (within 1 second)
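A triage helper for KASAN reports like the one above, as an added example that is not part of the kernel commit or the CVE record. It extracts the access details and the first module-owned frame, and flags a `user-memory-access` at a very low address as a probable NULL base pointer plus field offset, which matches the missing drvdata described here. The `triage` function, the regexes and the `NULL_OFFSET_LIMIT` threshold are assumptions of this sketch.

```python
import re

# Subset of the crash dump above, with kernel symbol names written with underscores.
SAMPLE = """\
[168.862797] BUG: KASAN: user-memory-access in try_to_grab_pending+0x59/0x480
[168.862805] Write of size 8 at addr 0000000000006df0 by task rmmod/5361
[168.862866] try_to_grab_pending+0x59/0x480
[168.862870] __cancel_work_timer+0xbb/0x340
[168.862898] cancel_work_sync+0x10/0x20
[168.862902] mt7921_pci_remove+0x61/0x1c0 [mt7921e]
[168.862909] pci_device_remove+0xa3/0x1d0
"""

HEADER = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr "
                    r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME = re.compile(r"\]\s+(?:\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
                   r"(?: \[(?P<mod>\w+)\])?\s*$")

# Assumed threshold: a fault address below this is treated as a NULL (or tiny)
# base pointer plus a struct field offset, not a valid user or kernel address.
NULL_OFFSET_LIMIT = 0x10000


def triage(report: str) -> dict:
    """Summarise one KASAN report: access, faulting task, owning module frame."""
    result = {"frames": []}
    for line in report.splitlines():
        if m := HEADER.search(line):
            result["kind"], result["fault_func"] = m["kind"], m["func"]
        elif m := ACCESS.search(line):
            result.update(op=m["op"], size=int(m["size"]),
                          addr=int(m["addr"], 16),
                          task=m["task"], pid=int(m["pid"]))
        elif m := FRAME.search(line):
            result["frames"].append((m["func"], m["mod"]))
    # First frame that belongs to a loadable module: the driver code to review.
    result["module_frame"] = next((f for f in result["frames"] if f[1]), None)
    result["likely_null_base"] = (
        result.get("kind") == "user-memory-access"
        and result.get("addr", NULL_OFFSET_LIMIT) < NULL_OFFSET_LIMIT
    )
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this dump the helper points at `mt7921_pci_remove` in `mt7921e` as the first driver frame and reports the 8-byte write at `0x6df0` as a likely NULL-base access.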
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50714.json",
"cna_assigner": "Linux"
}