Commit 61405e97 authored by Luis R. Rodriguez's avatar Luis R. Rodriguez Committed by John W. Linville
Browse files

cfg80211: fix in nl80211_set_reg()



There is a race on access to last_request and its alpha2
through reg_is_valid_request() and us possibly processing
first another regulatory request on another CPU. We avoid
this improbably race by locking with the cfg80211_mutex as
we should have done in the first place. While at it add
the assert on locking on reg_is_valid_request().

Cc: stable@kernel.org
Signed-off-by: default avatarLuis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent d0e18f83
...@@ -2570,6 +2570,8 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) ...@@ -2570,6 +2570,8 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
return -EINVAL; return -EINVAL;
} }
mutex_lock(&cfg80211_mutex);
if (!reg_is_valid_request(alpha2)) { if (!reg_is_valid_request(alpha2)) {
r = -EINVAL; r = -EINVAL;
goto bad_reg; goto bad_reg;
...@@ -2607,13 +2609,14 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) ...@@ -2607,13 +2609,14 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
BUG_ON(rule_idx != num_rules); BUG_ON(rule_idx != num_rules);
mutex_lock(&cfg80211_mutex);
r = set_regdom(rd); r = set_regdom(rd);
mutex_unlock(&cfg80211_mutex); mutex_unlock(&cfg80211_mutex);
return r; return r;
bad_reg: bad_reg:
mutex_unlock(&cfg80211_mutex);
kfree(rd); kfree(rd);
return r; return r;
} }
......
...@@ -382,6 +382,8 @@ static int call_crda(const char *alpha2) ...@@ -382,6 +382,8 @@ static int call_crda(const char *alpha2)
/* Used by nl80211 before kmalloc'ing our regulatory domain */ /* Used by nl80211 before kmalloc'ing our regulatory domain */
bool reg_is_valid_request(const char *alpha2) bool reg_is_valid_request(const char *alpha2)
{ {
assert_cfg80211_lock();
if (!last_request) if (!last_request)
return false; return false;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment