mac80211: fix channel switch for chanctx-based drivers

The new_ctx pointer is set only for non-chanctx drivers. This yielded a crash for chanctx-based drivers during channel switch finalization: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 IP: ieee80211_vif_use_reserved_switch+0x71c/0xb00 [mac80211] Use an adequate chanctx pointer to fix this. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

mac80211: fix channel switch for chanctx-based drivers
The new_ctx pointer is set only for non-chanctx drivers. This yielded a crash for chanctx-based drivers during channel switch finalization: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 IP: ieee80211_vif_use_reserved_switch+0x71c/0xb00 [mac80211] Use an adequate chanctx pointer to fix this. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michal Kazior · Linus Torvalds
1 parent 433ab34d26
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
net/mac80211/chan.c
@@ -1444,7 +1444,7 @@
  
 			list_del(&sdata->reserved_chanctx_list);
 			list_move(&sdata->assigned_chanctx_list,
-				  &new_ctx->assigned_vifs);
+				  &ctx->assigned_vifs);
 			sdata->reserved_chanctx = NULL;
  
 			ieee80211_vif_chanctx_reservation_complete(sdata);
...	...	@@ -1444,7 +1444,7 @@
1444	1444
1445	1445	list_del(&sdata->reserved_chanctx_list);
1446	1446	list_move(&sdata->assigned_chanctx_list,
1447		- &new_ctx->assigned_vifs);
	1447	+ &ctx->assigned_vifs);
1448	1448	sdata->reserved_chanctx = NULL;
1449	1449
1450	1450	ieee80211_vif_chanctx_reservation_complete(sdata);