forked from luck/tmp_suning_uos_patched
7b97b5776d
commit 563fbefed46ae4c1f70cffb8eb54c02df480b2c2 upstream.
If the userspace tools switch from NL80211_IFTYPE_P2P_GO to
NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it
does not call the cleanup cfg80211_stop_ap(), this leads to the
initialization of in-use data. For example, this path re-init the
sdata->assigned_chanctx_list while it is still an element of
assigned_vifs list, and makes that linked list corrupt.
Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com>
Reported-by: syzbot+bbf402b783eeb6d908db@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20211027173722.777287-1-phind.uet@gmail.com
Cc: stable@vger.kernel.org
Fixes:
|
||
---|---|---|
.. | ||
certs | ||
.gitignore | ||
ap.c | ||
chan.c | ||
core.c | ||
core.h | ||
debugfs.c | ||
debugfs.h | ||
ethtool.c | ||
ibss.c | ||
Kconfig | ||
lib80211_crypt_ccmp.c | ||
lib80211_crypt_tkip.c | ||
lib80211_crypt_wep.c | ||
lib80211.c | ||
Makefile | ||
mesh.c | ||
mlme.c | ||
nl80211.c | ||
nl80211.h | ||
ocb.c | ||
of.c | ||
pmsr.c | ||
radiotap.c | ||
rdev-ops.h | ||
reg.c | ||
reg.h | ||
scan.c | ||
sme.c | ||
sysfs.c | ||
sysfs.h | ||
trace.c | ||
trace.h | ||
util.c | ||
wext-compat.c | ||
wext-compat.h | ||
wext-core.c | ||
wext-priv.c | ||
wext-proc.c | ||
wext-sme.c | ||
wext-spy.c |