4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edward Adam Davis <eadavis@xxxxxx>
[ Upstream commit 1184950e341c11b6f82bc5b59564411d9537ab27 ]
Replace rcu_dereference() with rcu_access_pointer() since we hold
the lock here (and aren't in an RCU critical section).
Fixes: 32af9a9e1069 ("wifi: cfg80211: free beacon_ies when overridden from hidden BSS")
Reported-and-tested-by: syzbot+864a269c27ee06b58374@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
Link: https://msgid.link/tencent_BF8F0DF0258C8DBF124CDDE4DD8D992DCF07@xxxxxx
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
net/wireless/scan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 7f1a4ba975dd..dacb9ceee3ef 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1019,7 +1019,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,
&hidden->hidden_list);
hidden->refcount++;
- ies = (void *)rcu_dereference(new->pub.beacon_ies);
+ ies = (void *)rcu_access_pointer(new->pub.beacon_ies);
rcu_assign_pointer(new->pub.beacon_ies,
hidden->pub.beacon_ies);
if (ies)
--
2.43.0
