This is a note to let you know that I've just added the patch titled
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
wifi-cfg80211-fix-rcu-dereference-in-__cfg80211_bss_.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 1ff8a08a9ac54067bb447b9cc662175efbbc2de1
Author: Edward Adam Davis <eadavis@xxxxxx>
Date: Wed Jan 3 20:13:51 2024 +0800
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
[ Upstream commit 1184950e341c11b6f82bc5b59564411d9537ab27 ]
Replace rcu_dereference() with rcu_access_pointer() since we hold
the lock here (and aren't in an RCU critical section).
Fixes: 32af9a9e1069 ("wifi: cfg80211: free beacon_ies when overridden from hidden BSS")
Reported-and-tested-by: syzbot+864a269c27ee06b58374@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
Link: https://msgid.link/tencent_BF8F0DF0258C8DBF124CDDE4DD8D992DCF07@xxxxxx
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 6f0a01038db1..a6c289a61d30 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1802,7 +1802,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,
&hidden->hidden_list);
hidden->refcount++;
- ies = (void *)rcu_dereference(new->pub.beacon_ies);
+ ies = (void *)rcu_access_pointer(new->pub.beacon_ies);
rcu_assign_pointer(new->pub.beacon_ies,
hidden->pub.beacon_ies);
if (ies)
