wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
authorEdward Adam Davis <eadavis@qq.com>
Wed, 3 Jan 2024 12:13:51 +0000 (20:13 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 23 Feb 2024 07:42:15 +0000 (08:42 +0100)
[ Upstream commit 1184950e341c11b6f82bc5b59564411d9537ab27 ]

Replace rcu_dereference() with rcu_access_pointer() since we hold
the lock here (and aren't in an RCU critical section).

Fixes: 32af9a9e1069 ("wifi: cfg80211: free beacon_ies when overridden from hidden BSS")
Reported-and-tested-by: syzbot+864a269c27ee06b58374@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Link: https://msgid.link/tencent_BF8F0DF0258C8DBF124CDDE4DD8D992DCF07@qq.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/wireless/scan.c

index 6f0a01038db154d1a9bf7731aa99af6d1d83be4a..a6c289a61d30c69c29356a2fc4d45b199772e4bc 100644 (file)
@@ -1802,7 +1802,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,
                                         &hidden->hidden_list);
                                hidden->refcount++;
 
-                               ies = (void *)rcu_dereference(new->pub.beacon_ies);
+                               ies = (void *)rcu_access_pointer(new->pub.beacon_ies);
                                rcu_assign_pointer(new->pub.beacon_ies,
                                                   hidden->pub.beacon_ies);
                                if (ies)
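Review bot: The `rcu_access_pointer()` read added in the hidden-BSS branch carries no lockdep annotation, so the locking assumption stated in the commit message is not checked on this line. Since `ies` is not only tested but apparently passed on to be freed after the `if (ies)` that ends the hunk, an update-side accessor would fit better: `ies = (void *)rcu_dereference_protected(new->pub.beacon_ies, lockdep_is_held(&rdev->bss_lock));`. This assumes `rdev->bss_lock` is the lock the message means, which should be confirmed against the function's own lockdep assertion. That form keeps the syzbot warning silenced and lets lockdep flag any future caller that reaches this path unlocked, where the old IEs buffer could be freed twice or while still in use. The enclosing function starts and ends outside the hunk.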