Commit 1184950e authored by Edward Adam Davis, committed by Johannes Berg

wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update



Replace rcu_dereference() with rcu_access_pointer() since we hold
the lock here (and aren't in an RCU critical section).

Fixes: 32af9a9e ("wifi: cfg80211: free beacon_ies when overridden from hidden BSS")
Reported-and-tested-by: <syzbot+864a269c27ee06b58374@syzkaller.appspotmail.com>
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Link: https://msgid.link/tencent_BF8F0DF0258C8DBF124CDDE4DD8D992DCF07@qq.com


Signed-off-by: Johannes Berg <johannes.berg@intel.com>
parent 96850912
+1 −1
@@ -1864,7 +1864,7 @@ __cfg80211_bss_update(struct cfg80211_registered_device *rdev,
					 &hidden->hidden_list);
				hidden->refcount++;

				ies = (void *)rcu_dereference(new->pub.beacon_ies);
				ies = (void *)rcu_access_pointer(new->pub.beacon_ies);
				rcu_assign_pointer(new->pub.beacon_ies,
						   hidden->pub.beacon_ies);
				if (ies)
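Review bot: On the changed `ies = (void *)rcu_access_pointer(new->pub.beacon_ies);` line, the locking assumption from the commit message ("we hold the lock here") is not expressed in the code, so nothing checks it. rcu_access_pointer() performs no lockdep validation and is meant for cases where the fetched value is only compared or handed off, not read through. Since `ies` is tested by `if (ies)` right after being swapped out by rcu_assign_pointer(), consider rcu_dereference_protected() with a lockdep_is_held() condition on the lock that serialises this update, so that a future caller reaching this path without the lock is caught by lockdep instead of silently racing with the pointer replacement. If rcu_access_pointer() is kept, a one-line comment naming the lock would make the invariant reviewable. The `(void *)` cast also hides the pointer's type and qualifiers from the compiler; a typed local would be safer.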