[PATCH 6.6 260/322] wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update

3 Feb 2024

6.6-stable review patch.  If anyone has any objections, please let me know.
------------------
From: Edward Adam Davis eadavis@qq.com
[ Upstream commit 1184950e341c11b6f82bc5b59564411d9537ab27 ]
Replace rcu_dereference() with rcu_access_pointer() since we hold
the lock here (and aren't in an RCU critical section).
Fixes: 32af9a9e1069 ("wifi: cfg80211: free beacon_ies when overridden from hidden BSS")
Reported-and-tested-by: syzbot+864a269c27ee06b58374@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis eadavis@qq.com
Link: https://msgid.link/tencent_BF8F0DF0258C8DBF124CDDE4DD8D992DCF07@qq.com
Signed-off-by: Johannes Berg johannes.berg@intel.com
Signed-off-by: Sasha Levin sashal@kernel.org
---
 net/wireless/scan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 04ef7cdd39b5..c646094a5fc4 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1830,7 +1830,7 @@ __cfg80211_bss_update(struct cfg80211_registered_device *rdev,
    				 &hidden->hidden_list);
    			hidden->refcount++;
-				ies = (void *)rcu_dereference(new->pub.beacon_ies);
+				ies = (void *)rcu_access_pointer(new->pub.beacon_ies);
    			rcu_assign_pointer(new->pub.beacon_ies,
    					   hidden->pub.beacon_ies);
    			if (ies)
-- 
2.43.0





    

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 6.6 260/322] wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update