Commit cb700df8 authored by Arend van Spriel's avatar Arend van Spriel Committed by Kalle Valo
Browse files

brcmfmac: fix double free of p2pdev interface 



When freeing the driver ifp pointer it should also be removed from
the driver interface list, which is what brcmf_remove_interface()
does. Otherwise, the ifp pointer will be freed twice triggering
a kernel oops.

Fixes: f37d69a4 ("brcmfmac: free ifp for non-netdev interface in p2p module")
Reviewed-by: default avatarPieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: default avatarHante Meuleman <meuleman@broadcom.com>
Signed-off-by: default avatarArend van Spriel <arend@broadcom.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
parent 323d8f1b

drivers/net/wireless/brcm80211/brcmfmac/p2p.c

+1 −1
Original line number Diff line number Diff line
@@ -2140,7 +2140,7 @@ static void brcmf_p2p_delete_p2pdev(struct brcmf_p2p_info *p2p, 
{

	cfg80211_unregister_wdev(&vif->wdev);

	p2p->bss_idx[P2PAPI_BSSCFG_DEVICE].vif = NULL;

	kfree(vif->ifp);

	brcmf_remove_interface(vif->ifp->drvr, vif->ifp->bssidx);

	brcmf_free_vif(vif);

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE