mwifiex: fix unbalanced locking in mwifiex_process_country_ie() commit 65b1aae0d9d5962faccc06bdb8e91a2a0b09451c upstream. We called rcu_read_lock(), so we need to call rcu_read_unlock() before we return. Fixes: 3d94a4a8373b ("mwifiex: fix possible heap overflow in mwifiex_process_country_ie()") Cc: stable@vger.kernel.org Cc: huangwen <huangwenabc@gmail.com> Cc: Ganapathi Bhat <ganapathi.bhat@nxp.com> Signed-off-by: Brian Norris <briannorris@chromium.org> Acked-by: Ganapathi Bhat <ganapathi.bhat@nxp.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: 8c74cc7191b85f46d803e1ddcb26c3caaa915513 [log] [tgz]
author: Brian Norris <briannorris@chromium.org> Mon Jan 06 14:42:12 2020 -0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Fri Feb 14 16:31:02 2020 -0500
tree: e2e5dcf3c87473e45ddd4d028072817f3f80857f
parent: 43e78bf3d677f0778c4395dc90d73d1a78b93e7b [diff]
diff --git a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
index be3be7a..f2d10ba 100644
--- a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
+++ b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c

@@ -274,6 +274,7 @@ static int mwifiex_process_country_ie(struct mwifiex_private *priv,
 
 	if (country_ie_len >
 	    (IEEE80211_COUNTRY_STRING_LEN + MWIFIEX_MAX_TRIPLET_802_11D)) {
+		rcu_read_unlock();
 		mwifiex_dbg(priv->adapter, ERROR,
 			    "11D: country_ie_len overflow!, deauth AP\n");
 		return -EINVAL;
commit	8c74cc7191b85f46d803e1ddcb26c3caaa915513	[log] [tgz]
author	Brian Norris <briannorris@chromium.org>	Mon Jan 06 14:42:12 2020 -0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Fri Feb 14 16:31:02 2020 -0500
tree	e2e5dcf3c87473e45ddd4d028072817f3f80857f
parent	43e78bf3d677f0778c4395dc90d73d1a78b93e7b [diff]