aboutsummaryrefslogtreecommitdiffstats
path: root/net/wireless
diff options
context:
space:
mode:
authorLuis R. Rodriguez <lrodriguez@atheros.com>2009-05-13 17:04:41 -0400
committerJohn W. Linville <linville@tuxdriver.com>2009-05-20 14:46:32 -0400
commit61405e97788b1bc4e7c5be5b4ec04a73fc11bac2 (patch)
tree468b4283c9b7b42ccd3423ab1e3ed25cb4dc16a5 /net/wireless
parentd0e18f833d23afefb6751a21d14a2cd71d2d4d66 (diff)
cfg80211: fix in nl80211_set_reg()
There is a race on access to last_request and its alpha2 through reg_is_valid_request() and us possibly processing first another regulatory request on another CPU. We avoid this improbably race by locking with the cfg80211_mutex as we should have done in the first place. While at it add the assert on locking on reg_is_valid_request(). Cc: stable@kernel.org Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless')
-rw-r--r--net/wireless/nl80211.c5
-rw-r--r--net/wireless/reg.c2
2 files changed, 6 insertions, 1 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 66e0fb6a6420..632504060789 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2570,6 +2570,8 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
2570 return -EINVAL; 2570 return -EINVAL;
2571 } 2571 }
2572 2572
2573 mutex_lock(&cfg80211_mutex);
2574
2573 if (!reg_is_valid_request(alpha2)) { 2575 if (!reg_is_valid_request(alpha2)) {
2574 r = -EINVAL; 2576 r = -EINVAL;
2575 goto bad_reg; 2577 goto bad_reg;
@@ -2607,13 +2609,14 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
2607 2609
2608 BUG_ON(rule_idx != num_rules); 2610 BUG_ON(rule_idx != num_rules);
2609 2611
2610 mutex_lock(&cfg80211_mutex);
2611 r = set_regdom(rd); 2612 r = set_regdom(rd);
2613
2612 mutex_unlock(&cfg80211_mutex); 2614 mutex_unlock(&cfg80211_mutex);
2613 2615
2614 return r; 2616 return r;
2615 2617
2616 bad_reg: 2618 bad_reg:
2619 mutex_unlock(&cfg80211_mutex);
2617 kfree(rd); 2620 kfree(rd);
2618 return r; 2621 return r;
2619} 2622}
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 48db569d4c6b..8d176a8010ba 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -382,6 +382,8 @@ static int call_crda(const char *alpha2)
382/* Used by nl80211 before kmalloc'ing our regulatory domain */ 382/* Used by nl80211 before kmalloc'ing our regulatory domain */
383bool reg_is_valid_request(const char *alpha2) 383bool reg_is_valid_request(const char *alpha2)
384{ 384{
385 assert_cfg80211_lock();
386
385 if (!last_request) 387 if (!last_request)
386 return false; 388 return false;
387 389