In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: disable napi on driver removal
A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76dmacleanup().
WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 netifnapidellocked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy) Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024 RIP: 0010:netifnapidellocked+0xf0/0x100 Call Trace: <TASK> mt76dmacleanup+0x54/0x2f0 [mt76] mt7921pciremove+0xd5/0x190 [mt7921e] pcideviceremove+0x47/0xc0 devicereleasedriverinternal+0x19e/0x200 driverdetach+0x48/0x90 busremovedriver+0x6d/0xf0 pciunregisterdriver+0x2e/0xb0 _dosysdeletemodule.isra.0+0x197/0x2e0 dosyscall64+0x7b/0x160 entrySYSCALL64afterhwframe+0x76/0x7e
Tested with mt7921e but the same pattern can be actually applied to other mt76 drivers calling mt76dmacleanup() during removal. Tx napi is enabled in their *dmainit() functions and only toggled off and on again inside their suspend/resume/reset paths. So it should be okay to disable tx napi in such a generic way.
Found by Linux Verification Center (linuxtesting.org).