aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel/mac80211/patches/360-0001-brcmfmac-fix-double-free-of-p2pdev-interface.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/kernel/mac80211/patches/360-0001-brcmfmac-fix-double-free-of-p2pdev-interface.patch')
-rw-r--r--package/kernel/mac80211/patches/360-0001-brcmfmac-fix-double-free-of-p2pdev-interface.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/360-0001-brcmfmac-fix-double-free-of-p2pdev-interface.patch b/package/kernel/mac80211/patches/360-0001-brcmfmac-fix-double-free-of-p2pdev-interface.patch
new file mode 100644
index 0000000000..179c77e9df
--- /dev/null
+++ b/package/kernel/mac80211/patches/360-0001-brcmfmac-fix-double-free-of-p2pdev-interface.patch
@@ -0,0 +1,27 @@
+From: Arend van Spriel <arend@broadcom.com>
+Date: Mon, 15 Jun 2015 22:48:38 +0200
+Subject: [PATCH] brcmfmac: fix double free of p2pdev interface
+
+When freeing the driver ifp pointer it should also be removed from
+the driver interface list, which is what brcmf_remove_interface()
+does. Otherwise, the ifp pointer will be freed twice triggering
+a kernel oops.
+
+Fixes: f37d69a4babc ("brcmfmac: free ifp for non-netdev interface in p2p module")
+Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
+Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
+Signed-off-by: Arend van Spriel <arend@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+
+--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
++++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+@@ -2140,7 +2140,7 @@ static void brcmf_p2p_delete_p2pdev(stru
+ {
+ cfg80211_unregister_wdev(&vif->wdev);
+ p2p->bss_idx[P2PAPI_BSSCFG_DEVICE].vif = NULL;
+- kfree(vif->ifp);
++ brcmf_remove_interface(vif->ifp->drvr, vif->ifp->bssidx);
+ brcmf_free_vif(vif);
+ }
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-21 05:36:25 +0000