cfg80211: protect beacon changing functions with wdev-lock

To avoid race conditions in functions which modify the beacon information, lock these using the wdev lock. This is especially required to avoid problems for csa handling functions which modify beacons but can not be called under rtnl lock. Reported-by: N Johannes Berg <johannes@sipsolutions.net> Signed-off-by: N Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: N Johannes Berg <johannes.berg@intel.com>

cfg80211: protect beacon changing functions with wdev-lock
To avoid race conditions in functions which modify the beacon information, lock these using the wdev lock. This is especially required to avoid problems for csa handling functions which modify beacons but can not be called under rtnl lock. Reported-by: N Johannes Berg <johannes@sipsolutions.net> Signed-off-by: N Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: N Johannes Berg <johannes.berg@intel.com>
c56589ed · Simon Wunderlich · Johannes Berg · ce953204 · c56589ed
隐藏空白更改
内联并排

Showing with 19 addition and 3 deletion

net/wireless/nl80211.c net/wireless/nl80211.c +19 -3

未找到文件。
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3218,6 +3218,7 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
 			return PTR_ERR(params.acl);
 	}
+	wdev_lock(wdev);
 	err = rdev_start_ap(rdev, dev, &params);
 	if (!err) {
 		wdev->preset_chandef = params.chandef;
@@ -3226,6 +3227,7 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
 		wdev->ssid_len = params.ssid_len;
 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
 	}
+	wdev_unlock(wdev);
 	kfree(params.acl);
@@ -3254,7 +3256,11 @@ static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
 	if (err)
 		return err;
-	return rdev_change_beacon(rdev, dev, &params);
+	wdev_lock(wdev);
+	err = rdev_change_beacon(rdev, dev, &params);
+	wdev_unlock(wdev);
+	return err;
 }
 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
@@ -4460,7 +4466,9 @@ static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
 {
 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
 	struct net_device *dev = info->user_ptr[1];
+	struct wireless_dev *wdev = dev->ieee80211_ptr;
 	struct bss_parameters params;
+	int err;
 	memset(&params, 0, sizeof(params));
 	/* default to not changing parameters */
@@ -4526,7 +4534,11 @@ static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
 		return -EOPNOTSUPP;
-	return rdev_change_bss(rdev, dev, &params);
+	wdev_lock(wdev);
+	err = rdev_change_bss(rdev, dev, &params);
+	wdev_unlock(wdev);
+	return err;
 }
 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
@@ -5791,7 +5803,11 @@ static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
 		params.block_tx = true;
-	return rdev_channel_switch(rdev, dev, &params);
+	wdev_lock(wdev);
+	err = rdev_channel_switch(rdev, dev, &params);
+	wdev_unlock(wdev);
+	return err;
 }
 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,