6.7-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Berg benjamin.berg@intel.com
[ Upstream commit f510bcc21ed97911b811c5bf36ed43a0e94ab702 ]
When doing a channel switch, cfg80211_update_known_bss may be called with a BSS where both proberesp_ies and beacon_ies is set. If that happens, both need to be consumed.
Signed-off-by: Benjamin Berg benjamin.berg@intel.com Signed-off-by: Miri Korenblit miriam.rachel.korenblit@intel.com Link: https://msgid.link/20231211085121.07a88656d7df.I0fe9fc599382de0eccf96455617e... Signed-off-by: Johannes Berg johannes.berg@intel.com Stable-dep-of: 177fbbcb4ed6 ("wifi: cfg80211: detect stuck ECSA element in probe resp") Signed-off-by: Sasha Levin sashal@kernel.org --- net/wireless/scan.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index b9da6f5152cb..f819ca3891fc 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1746,7 +1746,9 @@ cfg80211_update_known_bss(struct cfg80211_registered_device *rdev, new->pub.proberesp_ies); if (old) kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); - } else if (rcu_access_pointer(new->pub.beacon_ies)) { + } + + if (rcu_access_pointer(new->pub.beacon_ies)) { const struct cfg80211_bss_ies *old;
if (known->pub.hidden_beacon_bss &&