mac80211: fix locking in ieee80211_start_ap error path

jmberg-intel · gregkh · commit c1d1ec4db5f7 · 2021-12-29T12:28:58.000+01:00
commit 87a2706 upstream. We need to hold the local->mtx to release the channel context, as even encoded by the lockdep_assert_held() there. Fix it. Cc: stable@vger.kernel.org Fixes: 295b02c ("mac80211: Add FILS discovery support") Reported-and-tested-by: syzbot+11c342e5e30e9539cabd@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/20211220090836.cee3d59a1915.I36bba9b79dc2ff4d57c3c7aa30dff9a003fe8c5c@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
@@ -1226,7 +1226,10 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
 	return 0;
 
 error:
+	mutex_lock(&local->mtx);
 	ieee80211_vif_release_channel(sdata);
+	mutex_unlock(&local->mtx);
+
 	return err;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1226,7 +1226,10 @@ static int ieee80211_start_ap(struct wiphy wiphy, struct net_device dev,`
`1226`	`1226`	`return 0;`
`1227`	`1227`
`1228`	`1228`	`error:`
	`1229`	`+ mutex_lock(&local->mtx);`
`1229`	`1230`	`ieee80211_vif_release_channel(sdata);`
	`1231`	`+ mutex_unlock(&local->mtx);`
	`1232`	`+`
`1230`	`1233`	`return err;`
`1231`	`1234`	`}`
`1232`	`1235`