Hi, On 11/26/19 11:05 AM, Stefan Bühler wrote: > From: Stefan Bühler <source@xxxxxxxxxxxx> > > If wdev->wext.keys was initialized it didn't get reset to NULL on > unregister (and it doesn't get set in cfg80211_init_wdev either), but > wdev is reused if unregister was triggered through > cfg80211_switch_netns. > > The next unregister (for whatever reason) will try to free > wdev->wext.keys again. > > Signed-off-by: Stefan Bühler <source@xxxxxxxxxxxx> > --- > net/wireless/core.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/wireless/core.c b/net/wireless/core.c > index 350513744575..3e25229a059d 100644 > --- a/net/wireless/core.c > +++ b/net/wireless/core.c > @@ -1102,6 +1102,7 @@ static void __cfg80211_unregister_wdev(struct wireless_dev *wdev, bool sync) > > #ifdef CONFIG_CFG80211_WEXT > kzfree(wdev->wext.keys); > + wdev->wext.keys = NULL; > #endif > /* only initialized if we have a netdev */ > if (wdev->netdev) > Any status update for this? Anything I can do? Should I resubmit this with "Cc: stable@xxxxxxxxxxxxxxx"? cheers, Stefan -- Stefan Bühler Mail/xmpp: stefan.buehler@xxxxxxxxxxxxxxxxxxxx Netze und Kommunikationssysteme der Universität Stuttgart (NKS) https://www.tik.uni-stuttgart.de/ Telefon: +49 711 685 60854
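Review bot: the added `wdev->wext.keys = NULL;` directly after `kzfree(wdev->wext.keys);` inside the `#ifdef CONFIG_CFG80211_WEXT` block has no comment, and read alone it looks like a redundant store in a teardown path. A one-line comment there, saying that wdev is reused when unregister is triggered through cfg80211_switch_netns and so the next unregister would free the same pointer again, would keep a later cleanup from dropping the assignment. The commit message describes a double free but carries neither a Fixes: tag nor a Cc: stable line; adding both on a resubmit would make clear which trees need the backport.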