Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4546251pxj;
        Wed, 12 May 2021 07:57:03 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwF/tG9rHLmQeu2mgWUlQVmUxSWR4IpCimN4tNzs6TO74PZ+JqpOxKWM/rWNczXKqBHs7h+
X-Received: by 2002:aca:75c6:: with SMTP id q189mr7918532oic.124.1620831423115;
        Wed, 12 May 2021 07:57:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1620831423; cv=none;
        d=google.com; s=arc-20160816;
        b=N+1dhR84MmGtKbDC5cNB2DG+/404hVIY6awbQ5SoH1kzkCvfGsAVTJCG0KZt6ZPpoN
         V/61lJE0pvM+feF3Zr89BYtaDfxOrNSJ97Z0zacPnU52FiPtJ34zJZMxenqzL5ZznJ+9
         x3zdEXDS19b6T8y+hk/hl/vEq5uOb1E3OPffvnE3RJbmwxMZp4Q4OAIwM5uFzpQPK8Fd
         nkrDfZa87ygw2HDcfkuU6q40nlHHU3j/mM2Q0QBjDrwCHfBoZ80o8gAmIVYb56LepSxg
         IrmOVbfkdklG/8pha4thnS8P2NlabohHtw6H3GGDAyL6i01jDNSfdigJzT1NIVfscipj
         rhUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=SSl9rSnRvwFk75NLTOsHtKOwKz686JR0L4VJp6K1fK4=;
        b=msnACb52ov/4n17QxBEf9Q9v3vXy9+oQfXliRTqyMdFGMK/I2umah90U+8VhZokYk9
         g+/sBRMn442LLTUpbvxCyKJ2WsaZUs2rErt7hq3knqmDLrkpVLsFtcPeypggLS2F4myG
         LpvEe0pknv6neNn9mdBqX2gW4BS4l3FvQaYE9vbOdbnPYEFfmKC1nZi+u9cdH1hIc0Jy
         sbe37E4qO8AN54yXKLQHF7C9zhp/rZUl7/DiZhRZcVAdqAqTOLkxqnNUI3iCqtEJJ9fV
         SV0JwGKrwK2+W4DhVV1vcpxFfAcaXZ1Hto31RR0GmhmjMOY91W01z81mcPNIYeCeDVu4
         DZ4Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=NlPA4Jpq;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c70si198129oib.174.2021.05.12.07.56.49;
        Wed, 12 May 2021 07:57:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=NlPA4Jpq;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232228AbhELOzv (ORCPT <rfc822;lkmlinbox@gmail.com> + 99 others);
        Wed, 12 May 2021 10:55:51 -0400
Received: from mail.kernel.org ([198.145.29.99]:45078 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231867AbhELOzC (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 May 2021 10:55:02 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id A91A461425;
        Wed, 12 May 2021 14:53:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1620831234;
        bh=Yj+n6HTrbEIbSLsN+7fP3a6ulZraPgYJox0mi+iJUDk=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=NlPA4JpqPg8Z8TpVTSbF6lVJfP1H2mJVXorQWLbu9BbGj+0LXkLCYIk3wLlHIfd2n
         NAmCRt10pKnb1jRTuzyIQ6Ce+1NQU8LAkkEoYFhATCzwcnnOwvZQWxgk7E/dN7uS+c
         jBp9XzLbNurvSNa3ev6WIN1QdZcAnneEsxJ/ALuE=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Dan Carpenter <dan.carpenter@oracle.com>,
        Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH 5.4 037/244] cfg80211: scan: drop entry from hidden_list on overflow
Date:   Wed, 12 May 2021 16:46:48 +0200
Message-Id: <20210512144744.241185695@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210512144743.039977287@linuxfoundation.org>
References: <20210512144743.039977287@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Johannes Berg <johannes.berg@intel.com>

commit 010bfbe768f7ecc876ffba92db30432de4997e2a upstream.

If we overflow the maximum number of BSS entries and free the
new entry, drop it from any hidden_list that it may have been
added to in the code above or in cfg80211_combine_bsses().

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20210416094212.5de7d1676ad7.Ied283b0bc5f504845e7d6ab90626bdfa68bb3dc0@changeid
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/wireless/scan.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1257,6 +1257,8 @@ cfg80211_bss_update(struct cfg80211_regi
 
 		if (rdev->bss_entries >= bss_entries_limit &&
 		    !cfg80211_bss_expire_oldest(rdev)) {
+			if (!list_empty(&new->hidden_list))
+				list_del(&new->hidden_list);
 			kfree(new);
 			goto drop;
 		}