diff options
author | Luis R. Rodriguez <lrodriguez@atheros.com> | 2009-05-13 17:04:41 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2009-05-20 14:46:32 -0400 |
commit | 61405e97788b1bc4e7c5be5b4ec04a73fc11bac2 (patch) | |
tree | 468b4283c9b7b42ccd3423ab1e3ed25cb4dc16a5 /net/wireless | |
parent | d0e18f833d23afefb6751a21d14a2cd71d2d4d66 (diff) |
cfg80211: fix in nl80211_set_reg()
There is a race on access to last_request and its alpha2
through reg_is_valid_request() and us possibly processing
first another regulatory request on another CPU. We avoid
this improbably race by locking with the cfg80211_mutex as
we should have done in the first place. While at it add
the assert on locking on reg_is_valid_request().
Cc: stable@kernel.org
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless')
-rw-r--r-- | net/wireless/nl80211.c | 5 | ||||
-rw-r--r-- | net/wireless/reg.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 66e0fb6a6420..632504060789 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
@@ -2570,6 +2570,8 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) | |||
2570 | return -EINVAL; | 2570 | return -EINVAL; |
2571 | } | 2571 | } |
2572 | 2572 | ||
2573 | mutex_lock(&cfg80211_mutex); | ||
2574 | |||
2573 | if (!reg_is_valid_request(alpha2)) { | 2575 | if (!reg_is_valid_request(alpha2)) { |
2574 | r = -EINVAL; | 2576 | r = -EINVAL; |
2575 | goto bad_reg; | 2577 | goto bad_reg; |
@@ -2607,13 +2609,14 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) | |||
2607 | 2609 | ||
2608 | BUG_ON(rule_idx != num_rules); | 2610 | BUG_ON(rule_idx != num_rules); |
2609 | 2611 | ||
2610 | mutex_lock(&cfg80211_mutex); | ||
2611 | r = set_regdom(rd); | 2612 | r = set_regdom(rd); |
2613 | |||
2612 | mutex_unlock(&cfg80211_mutex); | 2614 | mutex_unlock(&cfg80211_mutex); |
2613 | 2615 | ||
2614 | return r; | 2616 | return r; |
2615 | 2617 | ||
2616 | bad_reg: | 2618 | bad_reg: |
2619 | mutex_unlock(&cfg80211_mutex); | ||
2617 | kfree(rd); | 2620 | kfree(rd); |
2618 | return r; | 2621 | return r; |
2619 | } | 2622 | } |
diff --git a/net/wireless/reg.c b/net/wireless/reg.c index 48db569d4c6b..8d176a8010ba 100644 --- a/net/wireless/reg.c +++ b/net/wireless/reg.c | |||
@@ -382,6 +382,8 @@ static int call_crda(const char *alpha2) | |||
382 | /* Used by nl80211 before kmalloc'ing our regulatory domain */ | 382 | /* Used by nl80211 before kmalloc'ing our regulatory domain */ |
383 | bool reg_is_valid_request(const char *alpha2) | 383 | bool reg_is_valid_request(const char *alpha2) |
384 | { | 384 | { |
385 | assert_cfg80211_lock(); | ||
386 | |||
385 | if (!last_request) | 387 | if (!last_request) |
386 | return false; | 388 | return false; |
387 | 389 | ||