wext: call cfg80211_change_iface() with wiphy lock held

This is needed now that all the driver callbacks are protected by the wiphy lock rather than (just) the RTNL. Fixes: a05829a ("cfg80211: avoid holding the RTNL when calling the driver") Reported-by: syzbot+d2d412349f88521938aa@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/20210128183454.e81bc6789b4b.I5deb8b6bfdc8b4ea7696cb2447ee6c58c7ce9a4e@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mariux64 · Jan 28, 2021 · bae1735 · bae1735
1 parent 0391a45
commit bae1735
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/net/wireless/wext-compat.c b/net/wireless/wext-compat.c
@@ -39,6 +39,7 @@ int cfg80211_wext_siwmode(struct net_device *dev, struct iw_request_info *info,
 	struct cfg80211_registered_device *rdev;
 	struct vif_params vifparams;
 	enum nl80211_iftype type;
+	int ret;
 
 	rdev = wiphy_to_rdev(wdev->wiphy);
 
@@ -61,7 +62,11 @@ int cfg80211_wext_siwmode(struct net_device *dev, struct iw_request_info *info,
 
 	memset(&vifparams, 0, sizeof(vifparams));
 
-	return cfg80211_change_iface(rdev, dev, type, &vifparams);
+	wiphy_lock(wdev->wiphy);
+	ret = cfg80211_change_iface(rdev, dev, type, &vifparams);
+	wiphy_unlock(wdev->wiphy);
+
+	return ret;
 }
 EXPORT_WEXT_HANDLER(cfg80211_wext_siwmode);