linux-stable/net/wireless
Nguyen Dinh Phi 52affc201f cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
commit 563fbefed4 upstream.

If the userspace tools switch from NL80211_IFTYPE_P2P_GO to
NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it
does not call the cleanup cfg80211_stop_ap(), this leads to the
initialization of in-use data. For example, this path re-init the
sdata->assigned_chanctx_list while it is still an element of
assigned_vifs list, and makes that linked list corrupt.

Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com>
Reported-by: syzbot+bbf402b783eeb6d908db@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20211027173722.777287-1-phind.uet@gmail.com
Cc: stable@vger.kernel.org
Fixes: ac800140c2 ("cfg80211: .stop_ap when interface is going down")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-26 10:47:22 +01:00
..
certs
.gitignore
ap.c
chan.c nl80211: Disallow setting of HT for channel 14 2019-10-30 10:07:22 +01:00
core.c cfg80211: initialize wdev data earlier 2020-11-18 19:20:23 +01:00
core.h nl80211: validate key indexes for cfg80211_registered_device 2021-06-10 13:37:02 +02:00
debugfs.c
debugfs.h
ethtool.c cfg80211: check wiphy driver existence for drvinfo report 2020-03-05 16:43:36 +01:00
ibss.c cfg80211: ibss: use 11a mandatory rates for 6GHz band operation 2019-08-21 10:54:57 +02:00
Kconfig lib80211: fix unmet direct dependendices config warning when !CRYPTO 2020-10-01 13:18:20 +02:00
lib80211.c
lib80211_crypt_ccmp.c lib80211: use crypto API ccm(aes) transform for CCMP processing 2019-07-26 13:22:47 +02:00
lib80211_crypt_tkip.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lib80211_crypt_wep.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
Makefile cfg80211: make certificate generation more robust 2021-06-23 14:41:29 +02:00
mesh.c
mlme.c
nl80211.c net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT 2021-11-02 19:46:15 +01:00
nl80211.h
ocb.c
of.c
pmsr.c cfg80211: avoid double free of PMSR request 2021-06-23 14:41:30 +02:00
radiotap.c
rdev-ops.h cfg80211: Fix radar event during another phy CAC 2020-02-05 21:22:46 +00:00
reg.c cfg80211: regulatory: Fix inconsistent format argument 2020-11-18 19:20:23 +01:00
reg.h mac80211: fix scan when operating on DFS channels in ETSI domains 2019-10-07 22:10:50 +02:00
scan.c cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() 2021-11-02 19:46:12 +01:00
sme.c cfg80211: remove WARN_ON() in cfg80211_sme_connect 2021-04-14 08:24:18 +02:00
sysfs.c
sysfs.h
trace.c
trace.h cfg80211: Fix radar event during another phy CAC 2020-02-05 21:22:46 +00:00
util.c cfg80211: call cfg80211_stop_ap when switch from P2P_GO type 2021-11-26 10:47:22 +01:00
wext-compat.c cfg80211: initialize on-stack chandefs 2019-10-01 17:56:18 +02:00
wext-compat.h
wext-core.c wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-02-03 23:25:56 +01:00
wext-priv.c
wext-proc.c
wext-sme.c cfg80211: wext: avoid copying malformed SSIDs 2019-10-04 14:04:08 +02:00
wext-spy.c wireless: wext-spy: Fix out-of-bounds warning 2021-07-19 08:53:12 +02:00