diff options
| author |   Johannes Berg <johannes.berg@intel.com> | 2022-06-27 12:43:37 +0200 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2022-07-01 11:14:04 +0200 |
| commit | 206bbcf76121664e95a42e1c014c3fe168d07a3d (patch) | |
| tree | ceec21aa407037e9d19df6f5c45f179776626657 /net/wireless/nl80211.c | |
| parent | wifi: cfg80211: handle IBSS in channel switch (diff) | |
| download | linux-dev-206bbcf76121664e95a42e1c014c3fe168d07a3d.tar.xz linux-dev-206bbcf76121664e95a42e1c014c3fe168d07a3d.zip | |
wifi: nl80211: hold wdev mutex for tid config
We need wdev_chandef() in this code, which now requires
the wdev mutex due to the per-link nature. Hold it here
to make sure we can access the link.
Reported-by: syzbot+b4e9aa0f32ffd9902442@syzkaller.appspotmail.com
Fixes: 7b0a0e3c3a88 ("wifi: cfg80211: do some rework towards MLO link APIs")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/wireless/nl80211.c')
| -rw-r--r-- | net/wireless/nl80211.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index efdf0148a8fa..1b24befb9007 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -15433,6 +15433,8 @@ static int nl80211_set_tid_config(struct sk_buff *skb, if (info->attrs[NL80211_ATTR_MAC]) tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]); + wdev_lock(dev->ieee80211_ptr); + nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG], rem_conf) { ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX, @@ -15454,6 +15456,7 @@ static int nl80211_set_tid_config(struct sk_buff *skb, bad_tid_conf: kfree(tid_config); + wdev_unlock(dev->ieee80211_ptr); return ret; } |