Commit 194ff52d authored by Johannes Berg's avatar Johannes Berg

cfg80211/mac80211: correct qos-map locking

Since the RTNL can't always be held, use wdev/sdata locking for
the qos-map dereference in mac80211. This requires cfg80211 to
consistently lock it, which it was missing in one place.
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 32db6b54
...@@ -3854,7 +3854,7 @@ static int ieee80211_set_qos_map(struct wiphy *wiphy, ...@@ -3854,7 +3854,7 @@ static int ieee80211_set_qos_map(struct wiphy *wiphy,
new_qos_map = NULL; new_qos_map = NULL;
} }
old_qos_map = rtnl_dereference(sdata->qos_map); old_qos_map = sdata_dereference(sdata->qos_map, sdata);
rcu_assign_pointer(sdata->qos_map, new_qos_map); rcu_assign_pointer(sdata->qos_map, new_qos_map);
if (old_qos_map) if (old_qos_map)
kfree_rcu(old_qos_map, rcu_head); kfree_rcu(old_qos_map, rcu_head);
......
...@@ -879,7 +879,9 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev, ...@@ -879,7 +879,9 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev,
dev->ieee80211_ptr->use_4addr = false; dev->ieee80211_ptr->use_4addr = false;
dev->ieee80211_ptr->mesh_id_up_len = 0; dev->ieee80211_ptr->mesh_id_up_len = 0;
wdev_lock(dev->ieee80211_ptr);
rdev_set_qos_map(rdev, dev, NULL); rdev_set_qos_map(rdev, dev, NULL);
wdev_unlock(dev->ieee80211_ptr);
switch (otype) { switch (otype) {
case NL80211_IFTYPE_AP: case NL80211_IFTYPE_AP:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment