From: Dongliang Mu <mudongliangabcd@gmail.com>
To: Johannes Berg <johannes@sipsolutions.net>,
	"David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>,
	"Luis R. Rodriguez" <lrodriguez@atheros.com>,
	"John W. Linville" <linville@tuxdriver.com>
Cc: Dongliang Mu <mudongliangabcd@gmail.com>,
	syzbot+1638e7c770eef6b6c0d0@syzkaller.appspotmail.com,
	linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH] net: wireless: move the deallocation of regulatory domain to wiphy_free
Date: Mon, 26 Jul 2021 19:55:53 +0800
Message-ID: <20210726115554.2258657-1-mudongliangabcd@gmail.com>

If wiphy_register fails or does not get called, ieee80211_register_hw
returns with an error. Then the error handling code of
mac80211_hwsim_new_radio does not free wiphy->regd.
Note that the free stack trace of wiphy->regd is as follows:

ieee80211_unregister_hw()
  -> wiphy_unregister()
    -> wiphy_regulatory_deregister()
      -> rcu_free_regdom()

Fix this by moving the free operation of regd from wiphy_unregister to
wiphy_free.

Reported-by: syzbot+1638e7c770eef6b6c0d0@syzkaller.appspotmail.com
Fixes: 3e0c3ff36c4c ("cfg80211: allow multiple driver regulatory_hints()")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
---
 net/wireless/core.c | 3 +++
 net/wireless/reg.c  | 9 +++++----
 net/wireless/reg.h  | 1 +
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/net/wireless/core.c b/net/wireless/core.c
index 03323121ca50..2cc2bdddc9e8 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -1085,6 +1085,9 @@ void cfg80211_dev_free(struct cfg80211_registered_device *rdev)
 
 void wiphy_free(struct wiphy *wiphy)
 {
+	rcu_free_regdom(get_wiphy_regdom(wiphy));
+	RCU_INIT_POINTER(wiphy->regd, NULL);
+
 	put_device(&wiphy->dev);
 }
 EXPORT_SYMBOL(wiphy_free);
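Review bot: the added get_wiphy_regdom(wiphy) call in wiphy_free() now runs in whatever context a driver releases the wiphy from, while the call it replaces ran inside wiphy_regulatory_deregister(); the patch does not state what locking wiphy_free() callers hold. If get_wiphy_regdom() asserts RTNL or RCU read-side protection, this path can trip that check. Since nothing else should reference the wiphy at this point, consider reading the pointer with a teardown-safe accessor such as rcu_dereference_protected(wiphy->regd, 1) or rcu_access_pointer(wiphy->regd), and say in the commit message why that is safe here.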
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index c2d0ff7f089f..246f882e0021 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -196,12 +196,16 @@ enum nl80211_dfs_regions reg_get_dfs_region(struct wiphy *wiphy)
 	return regd->dfs_region;
 }
 
-static void rcu_free_regdom(const struct ieee80211_regdomain *r)
+/*
+ * Free the regulatory domain associated with the wiphy
+ */
+void rcu_free_regdom(const struct ieee80211_regdomain *r)
 {
 	if (!r)
 		return;
 	kfree_rcu((struct ieee80211_regdomain *)r, rcu_head);
 }
+EXPORT_SYMBOL(rcu_free_regdom);
 
 static struct regulatory_request *get_last_request(void)
 {
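Review bot: EXPORT_SYMBOL(rcu_free_regdom) looks unnecessary, because the only new caller in this patch is net/wireless/core.c and the prototype goes into the private net/wireless/reg.h, so dropping the static qualifier is enough if both files link into the same module. Exporting widens the symbol to every module for no visible user. The new comment also says the function frees the domain "associated with the wiphy", but it takes a bare struct ieee80211_regdomain pointer; either reword the comment or keep rcu_free_regdom() static and add a small wiphy-taking helper in reg.c for wiphy_free() to call.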
@@ -4064,9 +4068,6 @@ void wiphy_regulatory_deregister(struct wiphy *wiphy)
 	if (!reg_dev_ignore_cell_hint(wiphy))
 		reg_num_devs_support_basehint--;
 
-	rcu_free_regdom(get_wiphy_regdom(wiphy));
-	RCU_INIT_POINTER(wiphy->regd, NULL);
-
 	if (lr)
 		request_wiphy = wiphy_idx_to_wiphy(lr->wiphy_idx);
 
diff --git a/net/wireless/reg.h b/net/wireless/reg.h
index f3707f729024..03de4e5ece85 100644
--- a/net/wireless/reg.h
+++ b/net/wireless/reg.h
@@ -32,6 +32,7 @@ bool reg_is_valid_request(const char *alpha2);
 bool is_world_regdom(const char *alpha2);
 bool reg_supported_dfs_region(enum nl80211_dfs_regions dfs_region);
 enum nl80211_dfs_regions reg_get_dfs_region(struct wiphy *wiphy);
+void rcu_free_regdom(const struct ieee80211_regdomain *r);
 
 int regulatory_hint_user(const char *alpha2,
 			 enum nl80211_user_reg_hint_type user_reg_hint_type);
-- 
2.25.1

