summaryrefslogtreecommitdiff
path: root/net/wireless/core.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2021-01-28 20:35:28 +0300
committerJohannes Berg <johannes.berg@intel.com>2021-01-28 21:11:11 +0300
commit776a39b8196dbca4afb69669db0d9926ffac29ab (patch)
treeb58e12f03b492604c7d4c938b0ee56e9bc807d8c /net/wireless/core.c
parentc88f952026ab0b860451bdc88f43d73124a7302a (diff)
downloadlinux-776a39b8196dbca4afb69669db0d9926ffac29ab.tar.xz
cfg80211: call cfg80211_destroy_ifaces() with wiphy lock held
This is needed since it calls into the driver, which must have the same context as if we got to destroy an interface through nl80211. Fix this, and add a direct lockdep assertion so we don't see it pop up only when the driver calls back to cfg80211. Fixes: a05829a7222e ("cfg80211: avoid holding the RTNL when calling the driver") Reported-by: syzbot+4305e814f9b267131776@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/20210128183454.d31df9cbd7ce.I1beb07c9492f0ade900e864a098c57041e7a7ebf@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/wireless/core.c')
-rw-r--r--net/wireless/core.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 200cd9f5fd5f..18f9a5c214b5 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -334,6 +334,7 @@ void cfg80211_destroy_ifaces(struct cfg80211_registered_device *rdev)
struct wireless_dev *wdev, *tmp;
ASSERT_RTNL();
+ lockdep_assert_wiphy(&rdev->wiphy);
list_for_each_entry_safe(wdev, tmp, &rdev->wiphy.wdev_list, list) {
if (wdev->nl_owner_dead)
@@ -349,7 +350,9 @@ static void cfg80211_destroy_iface_wk(struct work_struct *work)
destroy_work);
rtnl_lock();
+ wiphy_lock(&rdev->wiphy);
cfg80211_destroy_ifaces(rdev);
+ wiphy_unlock(&rdev->wiphy);
rtnl_unlock();
}