wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update

[ Upstream commit 1184950e341c11b6f82bc5b59564411d9537ab27 ] Replace rcu_dereference() with rcu_access_pointer() since we hold the lock here (and aren't in an RCU critical section). Fixes: 32af9a9e1069 ("wifi: cfg80211: free beacon_ies when overridden from hidden BSS") Reported-and-tested-by: syzbot+864a269c27ee06b58374@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@qq.com> Link: https://msgid.link/tencent_BF8F0DF0258C8DBF124CDDE4DD8D992DCF07@qq.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Edward Adam Davis <eadavis@qq.com> 2024-01-03 15:13:51 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-02-23 10:12:51 +0300
commit: e01d8d01ba197cac99bef2495fbf5640f0bc5a72 (patch)
tree: de97a4d4109bd827859548028ae8133d3aad0bae /net
parent: 616053201f939cb326836316d8afcd1e3d2df18b (diff)
download: linux-e01d8d01ba197cac99bef2495fbf5640f0bc5a72.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 7f1a4ba975dd..dacb9ceee3ef 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1019,7 +1019,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,
 					 &hidden->hidden_list);
 				hidden->refcount++;
 
-				ies = (void *)rcu_dereference(new->pub.beacon_ies);
+				ies = (void *)rcu_access_pointer(new->pub.beacon_ies);
 				rcu_assign_pointer(new->pub.beacon_ies,
 						   hidden->pub.beacon_ies);
 				if (ies)
author	Edward Adam Davis <eadavis@qq.com>	2024-01-03 15:13:51 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-02-23 10:12:51 +0300
commit	e01d8d01ba197cac99bef2495fbf5640f0bc5a72 (patch)
tree	de97a4d4109bd827859548028ae8133d3aad0bae /net
parent	616053201f939cb326836316d8afcd1e3d2df18b (diff)
download	linux-e01d8d01ba197cac99bef2495fbf5640f0bc5a72.tar.xz