cfg80211: fix regulatory NULL dereference
author Johannes Berg <johannes.berg@intel.com>
Mon, 21 Nov 2011 09:44:00 +0000 (10:44 +0100)
committer Greg Kroah-Hartman <gregkh@suse.de>
Fri, 9 Dec 2011 16:52:32 +0000 (08:52 -0800)
commit de3584bd62d87b4c250129fbc46ca52c80330add upstream.

By the time userspace returns with a response to
the regulatory domain request, the wiphy causing
the request might have gone away. If this is so,
reject the update but mark the request as having
been processed anyway.

Cc: Luis R. Rodriguez <lrodriguez@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
net/wireless/reg.c

index 213103e3f996e7cbf7dd8ba38942b67b4824bf4b..3c5ddeafb931a2ad2add6a6681249ec43a79646b 100644 (file)
@@ -2026,6 +2026,10 @@ static int __set_regdom(const struct ieee80211_regdomain *rd)
        }
 
        request_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx);
+       if (!request_wiphy) {
+               reg_set_request_processed();
+               return -ENODEV;
+       }
 
        if (!last_request->intersect) {
                int r;
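Review bot: The new `if (!request_wiphy)` block returns an error yet also calls reg_set_request_processed(), and nothing in the code says why; the reason (the wiphy may be gone by the time userspace answers, and the request must still be retired) lives only in the commit message. A one-line comment above the check would keep a later cleanup from dropping the call as a stray side effect on an error path. The check sits directly after the wiphy_idx_to_wiphy() lookup and before the `if (!last_request->intersect)` branch, which is the right place for it, so the only change I would ask for is that comment.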