wifi: mac80211: ethtool: always hold wiphy mutex

Drivers should really be able to rely on the wiphy mutex
being held all the time, unless otherwise documented. For
ethtool, that wasn't quite right. Fix and clarify this in
both code and documentation.

Reported-by: syzbot+c12a771b218dcbba32e1@syzkaller.appspotmail.com
Fixes: 0e8185ce1dde ("wifi: mac80211: check wiphy mutex in ops")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 8d993f6ab91938147c3476b7cfa97651aca919ff..0f6390865fe7a9ea8c6162c58feb346119d88676 100644 (file)
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -4067,11 +4067,15 @@ struct ieee80211_prep_tx_info {
  *     This callback must be atomic.
  *
  * @get_et_sset_count:  Ethtool API to get string-set count.
+ *     Note that the wiphy mutex is not held for this callback since it's
+ *     expected to return a static value.
  *
  * @get_et_stats:  Ethtool API to get a set of u64 stats.
  *
  * @get_et_strings:  Ethtool API to get a set of strings to describe stats
  *     and perhaps other supported types of ethtool data-sets.
+ *     Note that the wiphy mutex is not held for this callback since it's
+ *     expected to return a static value.
  *
  * @mgd_prepare_tx: Prepare for transmitting a management frame for association
  *     before associated. In multi-channel scenarios, a virtual interface is

diff --git a/net/mac80211/ethtool.c b/net/mac80211/ethtool.c
index 9894d2024470d0bb494ac179df9ed7d50f480858..99f6174a9d69654d7d7a11ab5551cd3c497ad135 100644 (file)
--- a/net/mac80211/ethtool.c
+++ b/net/mac80211/ethtool.c
@@ -19,11 +19,16 @@ static int ieee80211_set_ringparam(struct net_device *dev,
                                   struct netlink_ext_ack *extack)
 {
        struct ieee80211_local *local = wiphy_priv(dev->ieee80211_ptr->wiphy);
+       int ret;
 
        if (rp->rx_mini_pending != 0 || rp->rx_jumbo_pending != 0)
                return -EINVAL;
 
-       return drv_set_ringparam(local, rp->tx_pending, rp->rx_pending);
+       wiphy_lock(local->hw.wiphy);
+       ret = drv_set_ringparam(local, rp->tx_pending, rp->rx_pending);
+       wiphy_unlock(local->hw.wiphy);
+
+       return ret;
 }
 
 static void ieee80211_get_ringparam(struct net_device *dev,
@@ -35,8 +40,10 @@ static void ieee80211_get_ringparam(struct net_device *dev,
 
        memset(rp, 0, sizeof(*rp));
 
+       wiphy_lock(local->hw.wiphy);
        drv_get_ringparam(local, &rp->tx_pending, &rp->tx_max_pending,
                          &rp->rx_pending, &rp->rx_max_pending);
+       wiphy_unlock(local->hw.wiphy);
 }
 
 static const char ieee80211_gstrings_sta_stats[][ETH_GSTRING_LEN] = {