From: Johannes Berg johannes.berg@intel.com
commit 010bfbe768f7ecc876ffba92db30432de4997e2a upstream.
If we overflow the maximum number of BSS entries and free the new entry, drop it from any hidden_list that it may have been added to in the code above or in cfg80211_combine_bsses().
Reported-by: Dan Carpenter dan.carpenter@oracle.com Link: https://lore.kernel.org/r/20210416094212.5de7d1676ad7.Ied283b0bc5f504845e7d6... Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg johannes.berg@intel.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- net/wireless/scan.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index e5d61ba837add..67b2747ad9ef8 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1036,6 +1036,8 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,
if (rdev->bss_entries >= bss_entries_limit && !cfg80211_bss_expire_oldest(rdev)) { + if (!list_empty(&new->hidden_list)) + list_del(&new->hidden_list); kfree(new); goto drop; }