This is a note to let you know that I've just added the patch titled
wifi: nl80211: don't free NULL coalescing rule
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
wifi-nl80211-don-t-free-null-coalescing-rule.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 801ea33ae82d6a9d954074fbcf8ea9d18f1543a7 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@xxxxxxxxx>
Date: Thu, 18 Apr 2024 10:52:23 +0200
Subject: wifi: nl80211: don't free NULL coalescing rule
From: Johannes Berg <johannes.berg@xxxxxxxxx>
commit 801ea33ae82d6a9d954074fbcf8ea9d18f1543a7 upstream.
If the parsing fails, we can dereference a NULL pointer here.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: be29b99a9b51 ("cfg80211/nl80211: Add packet coalesce support")
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@xxxxxxxxx>
Link: https://msgid.link/20240418105220.b328f80406e7.Id75d961050deb05b3e4e354e024866f350c68103@changeid
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/wireless/nl80211.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -12890,6 +12890,8 @@ static int nl80211_set_coalesce(struct s
error:
for (i = 0; i < new_coalesce.n_rules; i++) {
tmp_rule = &new_coalesce.rules[i];
+ if (!tmp_rule)
+ continue;
for (j = 0; j < tmp_rule->n_patterns; j++)
kfree(tmp_rule->patterns[j].mask);
kfree(tmp_rule->patterns);
Patches currently in stable-queue which might be from johannes.berg@xxxxxxxxx are
queue-5.15/wifi-nl80211-don-t-free-null-coalescing-rule.patch
queue-5.15/wifi-iwlwifi-mvm-return-uid-from-iwl_mvm_build_scan_.patch
queue-5.15/wifi-iwlwifi-mvm-remove-old-pasn-station-when-adding.patch
