Hi Bernhard, On Mon, Dec 12, 2022 at 6:12 PM Bernhard Rosenkränzer <b...@baylibre.com> wrote: > > Calling eth_halt() could result in memory corruption if the stop() > handler frees or modifies the priv member. > > A stored value of dev_get_uclass_priv() is assumed to remain valid > after the stop() handler has been called, which is not always the > case (e.g. rndis over usb gadget). > > Re-check the priv pointer after calling the stop() handler. > > Signed-off-by: Bernhard Rosenkränzer <b...@baylibre.com> > --- > net/eth-uclass.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/net/eth-uclass.c b/net/eth-uclass.c > index f41da4b37b..410f3310c7 100644 > --- a/net/eth-uclass.c > +++ b/net/eth-uclass.c > @@ -343,6 +343,11 @@ void eth_halt(void) > return; > > eth_get_ops(current)->stop(current); > + > + priv = dev_get_uclass_priv(current); > + if (!priv || !priv->running) > + return; > +
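Review bot: The re-read of priv after the stop() call in eth_halt() has no comment saying why it is needed, so it reads like a redundant reload that a later cleanup could remove. A short comment above `priv = dev_get_uclass_priv(current);` noting that stop() may free or modify the uclass priv (the commit message cites rndis over usb gadget) would protect it. The added check also still passes `current` to dev_get_uclass_priv() after stop() has run, so it is worth confirming that the device itself stays valid in the cases where its priv does not.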
Niel submitted the same fix: https://lists.denx.de/pipermail/u-boot/2022-December/502055.html