wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update

[ Upstream commit 1184950e341c11b6f82bc5b59564411d9537ab27 ] Replace rcu_dereference() with rcu_access_pointer() since we hold the lock here (and aren't in an RCU critical section). Fixes: 32af9a9e1069 ("wifi: cfg80211: free beacon_ies when overridden from hidden BSS") Reported-and-tested-by: syzbot+864a269c27ee06b58374@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@qq.com> Link: https://msgid.link/tencent_BF8F0DF0258C8DBF124CDDE4DD8D992DCF07@qq.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-01-03 20:13:51 +08:00 · 2024-01-03 20:13:51 +08:00 · a8e8a1a7db
commit a8e8a1a7db
parent fc5c519702
1 changed files with 1 additions and 1 deletions
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@ -1801,7 +1801,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,
 					 &hidden->hidden_list);
 				hidden->refcount++;

-				ies = (void *)rcu_dereference(new->pub.beacon_ies);
+				ies = (void *)rcu_access_pointer(new->pub.beacon_ies);
 				rcu_assign_pointer(new->pub.beacon_ies,
 						   hidden->pub.beacon_ies);
 				if (ies)