From 1d28bfb4808930b4dc5d9f85f0d2a8d977496610 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sat, 31 Jul 2021 10:04:47 +0200
Subject: [PATCH] 5.10-stable patches
added patches:
cfg80211-fix-possible-memory-leak-in-function-cfg80211_bss_update.patch
---
...leak-in-function-cfg80211_bss_update.patch | 45 +++++++++++++++++++
queue-5.10/series | 1 +
2 files changed, 46 insertions(+)
create mode 100644 queue-5.10/cfg80211-fix-possible-memory-leak-in-function-cfg80211_bss_update.patch
diff --git a/queue-5.10/cfg80211-fix-possible-memory-leak-in-function-cfg80211_bss_update.patch b/queue-5.10/cfg80211-fix-possible-memory-leak-in-function-cfg80211_bss_update.patch
new file mode 100644
index 00000000000..accc7849815
--- /dev/null
+++ b/queue-5.10/cfg80211-fix-possible-memory-leak-in-function-cfg80211_bss_update.patch
@@ -0,0 +1,45 @@
+From f9a5c358c8d26fed0cc45f2afc64633d4ba21dff Mon Sep 17 00:00:00 2001
+From: Nguyen Dinh Phi
+Date: Mon, 28 Jun 2021 21:23:34 +0800
+Subject: cfg80211: Fix possible memory leak in function cfg80211_bss_update
+
+From: Nguyen Dinh Phi
+
+commit f9a5c358c8d26fed0cc45f2afc64633d4ba21dff upstream.
+
+When we exceed the limit of BSS entries, this function will free the
+new entry, however, at this time, it is the last door to access the
+inputed ies, so these ies will be unreferenced objects and cause memory
+leak.
+Therefore we should free its ies before deallocating the new entry, beside
+of dropping it from hidden_list.
+
+Signed-off-by: Nguyen Dinh Phi
+Link: https://lore.kernel.org/r/20210628132334.851095-1-phind.uet@gmail.com
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/wireless/scan.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/net/wireless/scan.c
++++ b/net/wireless/scan.c
+@@ -1746,16 +1746,14 @@ cfg80211_bss_update(struct cfg80211_regi
+ * be grouped with this beacon for updates ...
+ */
+ if (!cfg80211_combine_bsses(rdev, new)) {
+- kfree(new);
++ bss_ref_put(rdev, new);
+ goto drop;
+ }
+ }
+
+ if (rdev->bss_entries >= bss_entries_limit &&
+ !cfg80211_bss_expire_oldest(rdev)) {
+- if (!list_empty(&new->hidden_list))
+- list_del(&new->hidden_list);
+- kfree(new);
++ bss_ref_put(rdev, new);
+ goto drop;
+ }
+
diff --git a/queue-5.10/series b/queue-5.10/series
index 8132a79dd9c..fe10e918ec2 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -24,3 +24,4 @@ drm-amdgpu-avoid-printing-of-stack-contents-on-firmware-load-error.patch
 drm-amdgpu-fix-resource-leak-on-probe-error-path.patch
 blk-iocost-fix-operation-ordering-in-iocg_wake_fn.patch
 nfc-nfcsim-fix-use-after-free-during-module-unload.patch
+cfg80211-fix-possible-memory-leak-in-function-cfg80211_bss_update.patch
--
2.47.3
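Review bot: Both drop sites in the inner scan.c hunk now rely on `bss_ref_put()` to release the freshly allocated entry together with its ies and the hidden_list link that the removed `list_del()` used to handle explicitly, but nothing at the call sites says so, and a reader seeing a refcount drop on an entry that was never published may assume the ies still need freeing. I would add a one-line comment above each call, e.g. `/* drops the last ref: frees new, its ies and the hidden_list link */`. The patch description only discusses the entries-limit path, while the `cfg80211_combine_bsses()` failure path is converted the same way, so for the 5.10 backport it is worth confirming that this tree's `bss_ref_put()` and `bss_free()` match upstream in releasing the ies and the hidden-beacon reference, since neither is visible here. `cfg80211_bss_update()` starts and ends outside the hunk.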