This is a note to let you know that I've just added the patch titled
wifi: nl80211: hold wdev mutex for tid config
to the 5.19-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
wifi-nl80211-hold-wdev-mutex-for-tid-config.patch
and it can be found in the queue-5.19 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 206bbcf76121664e95a42e1c014c3fe168d07a3d Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@xxxxxxxxx>
Date: Mon, 27 Jun 2022 12:43:37 +0200
Subject: wifi: nl80211: hold wdev mutex for tid config
From: Johannes Berg <johannes.berg@xxxxxxxxx>
commit 206bbcf76121664e95a42e1c014c3fe168d07a3d upstream.
We need wdev_chandef() in this code, which now requires
the wdev mutex due to the per-link nature. Hold it here
to make sure we can access the link.
Reported-by: syzbot+b4e9aa0f32ffd9902442@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: 7b0a0e3c3a88 ("wifi: cfg80211: do some rework towards MLO link APIs")
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/wireless/nl80211.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -15285,6 +15285,8 @@ static int nl80211_set_tid_config(struct
if (info->attrs[NL80211_ATTR_MAC])
tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
+ wdev_lock(dev->ieee80211_ptr);
+
nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
rem_conf) {
ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
@@ -15306,6 +15308,7 @@ static int nl80211_set_tid_config(struct
bad_tid_conf:
kfree(tid_config);
+ wdev_unlock(dev->ieee80211_ptr);
return ret;
}
Patches currently in stable-queue which might be from johannes.berg@xxxxxxxxx are
queue-5.19/wifi-cfg80211-remove-chandef-check-in-cfg80211_cac_event.patch
queue-5.19/wifi-cfg80211-do-some-rework-towards-mlo-link-apis.patch
queue-5.19/wifi-mac80211-reject-wep-or-pairwise-keys-with-key-i.patch
queue-5.19/wifi-mac80211_hwsim-use-32-bit-skb-cookie.patch
queue-5.19/wifi-mac80211_hwsim-add-back-erroneously-removed-cast.patch
queue-5.19/wifi-mac80211-set-sta-deflink-addresses.patch
queue-5.19/wifi-mac80211-move-some-future-per-link-data-to-bss_.patch
queue-5.19/wifi-mac80211_hwsim-fix-race-condition-in-pending-packet.patch
queue-5.19/wifi-cfg80211-handle-ibss-in-channel-switch.patch
queue-5.19/wifi-nl80211-acquire-wdev-mutex-for-dump_survey.patch
queue-5.19/wifi-nl80211-hold-wdev-mutex-for-tid-config.patch
queue-5.19/wifi-nl80211-acquire-wdev-mutex-earlier-in-start_ap.patch
queue-5.19/wifi-nl80211-relax-wdev-mutex-check-in-wdev_chandef.patch
