diff options
| author | Edward Adam Davis <eadavis@qq.com> | 2024-01-03 20:13:51 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-23 08:54:52 +0100 |
| commit | cfe839036758f790c474ecef8f84376931a21b72 (patch) | |
| tree | 267788f9fb743624ef719670b3aaed26d296e391 /net/wireless | |
| parent | 8a070a5884dc4bcbfd15dce98340fbd222e72eaf (diff) | |
| download | linux-cfe839036758f790c474ecef8f84376931a21b72.tar.gz linux-cfe839036758f790c474ecef8f84376931a21b72.tar.bz2 linux-cfe839036758f790c474ecef8f84376931a21b72.zip | |
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
[ Upstream commit 1184950e341c11b6f82bc5b59564411d9537ab27 ]
Replace rcu_dereference() with rcu_access_pointer() since we hold
the lock here (and aren't in an RCU critical section).
Fixes: 32af9a9e1069 ("wifi: cfg80211: free beacon_ies when overridden from hidden BSS")
Reported-and-tested-by: syzbot+864a269c27ee06b58374@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Link: https://msgid.link/tencent_BF8F0DF0258C8DBF124CDDE4DD8D992DCF07@qq.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net/wireless')
| -rw-r--r-- | net/wireless/scan.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 68c48970ebf7..2898df10a72a 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1809,7 +1809,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, &hidden->hidden_list); hidden->refcount++; - ies = (void *)rcu_dereference(new->pub.beacon_ies); + ies = (void *)rcu_access_pointer(new->pub.beacon_ies); rcu_assign_pointer(new->pub.beacon_ies, hidden->pub.beacon_ies); if (ies) |