diff options
author | Johannes Berg <johannes.berg@intel.com> | 2021-01-28 20:35:28 +0300 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2021-01-28 21:11:11 +0300 |
commit | 776a39b8196dbca4afb69669db0d9926ffac29ab (patch) | |
tree | b58e12f03b492604c7d4c938b0ee56e9bc807d8c /net/wireless/core.c | |
parent | c88f952026ab0b860451bdc88f43d73124a7302a (diff) | |
download | linux-776a39b8196dbca4afb69669db0d9926ffac29ab.tar.xz |
cfg80211: call cfg80211_destroy_ifaces() with wiphy lock held
This is needed since it calls into the driver, which must have the
same context as if we got to destroy an interface through nl80211.
Fix this, and add a direct lockdep assertion so we don't see it
pop up only when the driver calls back to cfg80211.
Fixes: a05829a7222e ("cfg80211: avoid holding the RTNL when calling the driver")
Reported-by: syzbot+4305e814f9b267131776@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20210128183454.d31df9cbd7ce.I1beb07c9492f0ade900e864a098c57041e7a7ebf@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/wireless/core.c')
-rw-r--r-- | net/wireless/core.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/wireless/core.c b/net/wireless/core.c index 200cd9f5fd5f..18f9a5c214b5 100644 --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -334,6 +334,7 @@ void cfg80211_destroy_ifaces(struct cfg80211_registered_device *rdev) struct wireless_dev *wdev, *tmp; ASSERT_RTNL(); + lockdep_assert_wiphy(&rdev->wiphy); list_for_each_entry_safe(wdev, tmp, &rdev->wiphy.wdev_list, list) { if (wdev->nl_owner_dead) @@ -349,7 +350,9 @@ static void cfg80211_destroy_iface_wk(struct work_struct *work) destroy_work); rtnl_lock(); + wiphy_lock(&rdev->wiphy); cfg80211_destroy_ifaces(rdev); + wiphy_unlock(&rdev->wiphy); rtnl_unlock(); } |