Commit bae17356 authored by Johannes Berg's avatar Johannes Berg
Browse files

wext: call cfg80211_change_iface() with wiphy lock held 



This is needed now that all the driver callbacks are protected by
the wiphy lock rather than (just) the RTNL.

Fixes: a05829a7 ("cfg80211: avoid holding the RTNL when calling the driver")
Reported-by: default avatar <syzbot+d2d412349f88521938aa@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/r/20210128183454.e81bc6789b4b.I5deb8b6bfdc8b4ea7696cb2447ee6c58c7ce9a4e@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 0391a45c

net/wireless/wext-compat.c

+6 −1
Original line number Diff line number Diff line
@@ -39,6 +39,7 @@ int cfg80211_wext_siwmode(struct net_device *dev, struct iw_request_info *info, 
	struct cfg80211_registered_device *rdev;

	struct vif_params vifparams;

	enum nl80211_iftype type;

	int ret;



	rdev = wiphy_to_rdev(wdev->wiphy);
@@ -61,7 +62,11 @@ int cfg80211_wext_siwmode(struct net_device *dev, struct iw_request_info *info, 


	memset(&vifparams, 0, sizeof(vifparams));



	return cfg80211_change_iface(rdev, dev, type, &vifparams);

	wiphy_lock(wdev->wiphy);

	ret = cfg80211_change_iface(rdev, dev, type, &vifparams);

	wiphy_unlock(wdev->wiphy);



	return ret;

}

EXPORT_WEXT_HANDLER(cfg80211_wext_siwmode);