As really I expected, a number of issues were reported just now by
syzbot, and while looking I found one more. Fix them.
From: Johannes Berg <[email protected]>
Similar to the previous commit, we need to hold the wiphy lock
here. There's a second instance that is correct already, fix
this one as well.
Fixes: a05829a7222e ("cfg80211: avoid holding the RTNL when calling the driver")
Signed-off-by: Johannes Berg <[email protected]>
---
net/wireless/wext-compat.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/wireless/wext-compat.c b/net/wireless/wext-compat.c
index 0c6ea6212496..a8320dc59af7 100644
--- a/net/wireless/wext-compat.c
+++ b/net/wireless/wext-compat.c
@@ -655,6 +655,7 @@ static int cfg80211_wext_siwencodeext(struct net_device *dev,
bool remove = false;
struct key_params params;
u32 cipher;
+ int ret;
if (wdev->iftype != NL80211_IFTYPE_STATION &&
wdev->iftype != NL80211_IFTYPE_ADHOC)
@@ -726,12 +727,16 @@ static int cfg80211_wext_siwencodeext(struct net_device *dev,
params.seq_len = 6;
}
- return cfg80211_set_encryption(
+ wiphy_lock(wdev->wiphy);
+ ret = cfg80211_set_encryption(
rdev, dev,
!(ext->ext_flags & IW_ENCODE_EXT_GROUP_KEY),
addr, remove,
ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY,
idx, ¶ms);
+ wiphy_unlock(wdev->wiphy);
+
+ return ret;
}
static int cfg80211_wext_giwencode(struct net_device *dev,
--
2.26.2