korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-27 04:54:41 +08:00
Code Issues Packages Projects Releases Wiki Activity
fda2635466
linux/drivers/net/wireless
History
Johannes Berg bea2662e78 iwlwifi: fix use-after-free 
If no firmware was present at all (or, presumably, all of the
firmware files failed to parse), we end up unbinding by calling
device_release_driver(), which calls remove(), which then in
iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However
the new code I added will still erroneously access it after it
was freed.

Set 'failure=false' in this case to avoid the access, all data
was already freed anyway.

Cc: stable@vger.kernel.org
Reported-by: Stefan Agner <stefan@agner.ch>
Reported-by: Wolfgang Walter <linux@stwm.de>
Reported-by: Jason Self <jason@bluehome.net>
Reported-by: Dominik Behr <dominik@dominikbehr.com>
Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Fixes: ab07506b04 ("iwlwifi: fix leaks/bad data after failed firmware load")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220208114728.e6b514cf4c85.Iffb575ca2a623d7859b542c33b2a507d01554251@changeid
2022-02-10 10:16:27 +02:00
..
admtek
ath Rework of the MSI interrupt infrastructure: 2022-01-13 09:05:29 -08:00
atmel atmel: use eth_hw_addr_set() 2021-10-20 12:39:44 +03:00
broadcom brcmfmac: firmware: Fix crash in brcm_alt_fw_path 2022-01-28 16:06:04 +02:00
cisco proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
intel iwlwifi: fix use-after-free 2022-02-10 10:16:27 +02:00
intersil proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
marvell libertas_tf: Add missing __packed annotations 2021-12-08 20:39:54 +02:00
mediatek wireless-drivers-next patches for v5.17 2021-12-23 09:12:37 -08:00
microchip wilc1000: Add reset/enable GPIO support to SPI driver 2021-12-22 19:51:18 +02:00
quantenna wireless: use eth_hw_addr_set() instead of ether_addr_copy() 2021-10-20 12:39:42 +03:00
ralink rt2x00: do not mark device gone on EPROTO errors during start 2021-11-29 12:53:50 +02:00
realtek wireless-drivers-next patches for v5.17 2021-12-23 09:12:37 -08:00
rsi Merge branch 'signal-for-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2022-01-17 05:49:30 +02:00
st wireless: Remove redundant 'flush_workqueue()' calls 2021-10-13 09:22:19 +03:00
ti wl1251: specify max. IE length 2021-12-16 10:28:38 +02:00
zydas zd1201: use eth_hw_addr_set() 2021-10-20 12:39:47 +03:00
Kconfig
mac80211_hwsim.c mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work 2022-01-31 15:29:30 +01:00
mac80211_hwsim.h
Makefile
ray_cs.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
ray_cs.h
rayctl.h
rndis_wlan.c wireless: Remove redundant 'flush_workqueue()' calls 2021-10-13 09:22:19 +03:00
virt_wifi.c virt_wifi: fix error on connect 2021-07-23 10:34:31 +02:00
wl3501_cs.c wl3501_cs: use eth_hw_addr_set() 2021-10-20 12:39:47 +03:00
wl3501.h wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join 2021-04-22 17:38:41 +03:00