diff options
author | Johannes Berg <johannes.berg@intel.com> | 2021-09-30 13:11:21 +0200 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2021-10-01 11:02:27 +0200 |
commit | a2083eeb119fb9307258baea9b7c243ca9a2e0b6 (patch) | |
tree | 75f565f3b331c4cb56a88b35557ca81ef67d2fc6 | |
parent | 636707e593120c9fa35f6a908c0d052f6154910d (diff) |
cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
The SSID pointer is pointing to RCU protected data, so we
need to have it under rcu_read_lock() for the entire use.
Fix this.
Cc: stable@vger.kernel.org
Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
Link: https://lore.kernel.org/r/20210930131120.6ddfc603aa1d.I2137344c4e2426525b1a8e4ce5fca82f8ecbfe7e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-rw-r--r-- | net/wireless/scan.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 11c68b159324..adc0d14cfd86 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -418,14 +418,17 @@ cfg80211_add_nontrans_list(struct cfg80211_bss *trans_bss, } ssid_len = ssid[1]; ssid = ssid + 2; - rcu_read_unlock(); /* check if nontrans_bss is in the list */ list_for_each_entry(bss, &trans_bss->nontrans_list, nontrans_list) { - if (is_bss(bss, nontrans_bss->bssid, ssid, ssid_len)) + if (is_bss(bss, nontrans_bss->bssid, ssid, ssid_len)) { + rcu_read_unlock(); return 0; + } } + rcu_read_unlock(); + /* add to the list */ list_add_tail(&nontrans_bss->nontrans_list, &trans_bss->nontrans_list); return 0; |