mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-20 09:31:09 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/wireless
History
Nguyen Dinh Phi 5a9b671c8d cfg80211: call cfg80211_stop_ap when switch from P2P_GO type 
commit 563fbefed4 upstream.

If the userspace tools switch from NL80211_IFTYPE_P2P_GO to
NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it
does not call the cleanup cfg80211_stop_ap(), this leads to the
initialization of in-use data. For example, this path re-init the
sdata->assigned_chanctx_list while it is still an element of
assigned_vifs list, and makes that linked list corrupt.

Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com>
Reported-by: syzbot+bbf402b783eeb6d908db@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20211027173722.777287-1-phind.uet@gmail.com
Cc: stable@vger.kernel.org
Fixes: ac800140c2 ("cfg80211: .stop_ap when interface is going down")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-25 09:48:46 +01:00
..
certs
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
ap.c
chan.c cfg80211: add cfg80211_any_usable_channels() 2021-06-23 13:05:08 +02:00
core.c cfg80211: always free wiphy specific regdomain 2021-11-18 19:16:26 +01:00
core.h cfg80211: fix management registrations locking 2021-10-25 15:20:22 +02:00
debugfs.c cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
debugfs.h
ethtool.c cfg80211: check wiphy driver existence for drvinfo report 2020-02-07 12:53:26 +01:00
ibss.c cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
Kconfig cfg80211: select CONFIG_CRC32 2021-01-05 15:50:36 -08:00
lib80211.c lib80211: Remove unused macro DRV_NAME 2020-09-18 11:53:00 +02:00
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211_crypt_wep.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
Makefile cfg80211: make certificate generation more robust 2021-06-18 13:25:15 +02:00
mesh.c cfg80211/mac80211: add mesh_param "mesh_nolearn" to skip path discovery 2020-07-31 09:24:23 +02:00
mlme.c cfg80211: fix management registrations locking 2021-10-25 15:20:22 +02:00
nl80211.c nl80211: fix radio statistics in survey dump 2021-11-25 09:48:34 +01:00
nl80211.h nl80211: fix radio statistics in survey dump 2021-11-25 09:48:34 +01:00
ocb.c
of.c
pmsr.c nl80211/cfg80211: add BSS color to NDP ranging parameters 2021-06-23 11:29:14 +02:00
radiotap.c mac80211: Use flex-array for radiotap header bitmap 2021-08-13 09:58:25 +02:00
rdev-ops.h nl80211: add support for BSS coloring 2021-08-17 11:58:21 +02:00
reg.c cfg80211: use wiphy DFS domain if it is self-managed 2021-08-26 11:04:55 +02:00
reg.h cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
scan.c cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() 2021-10-01 11:02:27 +02:00
sme.c cfg80211: remove WARN_ON() in cfg80211_sme_connect 2021-04-08 10:14:55 +02:00
sysfs.c cfg80211: shut down interfaces on failed resume 2021-06-09 16:09:20 +02:00
sysfs.h
trace.c
trace.h cfg80211: fix BSS color notify trace enum confusion 2021-08-18 09:21:52 +02:00
util.c cfg80211: call cfg80211_stop_ap when switch from P2P_GO type 2021-11-25 09:48:46 +01:00
wext-compat.c cfg80211: expose the rfkill device to the low level driver 2021-06-23 11:29:13 +02:00
wext-compat.h
wext-core.c wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-01-26 11:59:42 +01:00
wext-priv.c
wext-proc.c
wext-sme.c cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
wext-spy.c wireless: wext-spy: Fix out-of-bounds warning 2021-06-23 10:57:17 +02:00