Commit 776a39b8 authored by Johannes Berg's avatar Johannes Berg

cfg80211: call cfg80211_destroy_ifaces() with wiphy lock held

This is needed since it calls into the driver, which must have the
same context as if we got to destroy an interface through nl80211.
Fix this, and add a direct lockdep assertion so we don't see it
pop up only when the driver calls back to cfg80211.

Fixes: a05829a7 ("cfg80211: avoid holding the RTNL when calling the driver")
Reported-by: syzbot+4305e814f9b267131776@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20210128183454.d31df9cbd7ce.I1beb07c9492f0ade900e864a098c57041e7a7ebf@changeidSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent c88f9520
...@@ -334,6 +334,7 @@ void cfg80211_destroy_ifaces(struct cfg80211_registered_device *rdev) ...@@ -334,6 +334,7 @@ void cfg80211_destroy_ifaces(struct cfg80211_registered_device *rdev)
struct wireless_dev *wdev, *tmp; struct wireless_dev *wdev, *tmp;
ASSERT_RTNL(); ASSERT_RTNL();
lockdep_assert_wiphy(&rdev->wiphy);
list_for_each_entry_safe(wdev, tmp, &rdev->wiphy.wdev_list, list) { list_for_each_entry_safe(wdev, tmp, &rdev->wiphy.wdev_list, list) {
if (wdev->nl_owner_dead) if (wdev->nl_owner_dead)
...@@ -349,7 +350,9 @@ static void cfg80211_destroy_iface_wk(struct work_struct *work) ...@@ -349,7 +350,9 @@ static void cfg80211_destroy_iface_wk(struct work_struct *work)
destroy_work); destroy_work);
rtnl_lock(); rtnl_lock();
wiphy_lock(&rdev->wiphy);
cfg80211_destroy_ifaces(rdev); cfg80211_destroy_ifaces(rdev);
wiphy_unlock(&rdev->wiphy);
rtnl_unlock(); rtnl_unlock();
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment