wifi: cfg80211: hold wiphy lock in auto-disconnect

[ Upstream commit e9da6df7492a981b071bafd169fb4c35b45f5ebf ]

Most code paths in cfg80211 already hold the wiphy lock,
mostly by virtue of being called from nl80211, so make
the auto-disconnect worker also hold it, aligning the
locking promises between different parts of cfg80211.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Stable-dep-of: 37c20b2effe9 ("wifi: cfg80211: fix cqm_config access race")
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/wireless/core.c b/net/wireless/core.c
index 609b79f..9ac7c54 100644 (file)
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -1162,10 +1162,6 @@ static void _cfg80211_unregister_wdev(struct wireless_dev *wdev,
        kfree_sensitive(wdev->wext.keys);
        wdev->wext.keys = NULL;
 #endif
-       /* only initialized if we have a netdev */
-       if (wdev->netdev)
-               flush_work(&wdev->disconnect_wk);
-
        cfg80211_cqm_config_free(wdev);
 
        /*
@@ -1439,6 +1435,8 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                cfg80211_leave(rdev, wdev);
                cfg80211_remove_links(wdev);
                wiphy_unlock(&rdev->wiphy);
+               /* since we just did cfg80211_leave() nothing to do there */
+               cancel_work_sync(&wdev->disconnect_wk);
                break;
        case NETDEV_DOWN:
                wiphy_lock(&rdev->wiphy);

diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 6e87d2c..b978342 100644 (file)
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -5,7 +5,7 @@
  * (for nl80211's connect() and wext)
  *
  * Copyright 2009      Johannes Berg <johannes@sipsolutions.net>
- * Copyright (C) 2009, 2020, 2022 Intel Corporation. All rights reserved.
+ * Copyright (C) 2009, 2020, 2022-2023 Intel Corporation. All rights reserved.
  * Copyright 2017      Intel Deutschland GmbH
  */
 
@@ -1555,6 +1555,7 @@ void cfg80211_autodisconnect_wk(struct work_struct *work)
                container_of(work, struct wireless_dev, disconnect_wk);
        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
 
+       wiphy_lock(wdev->wiphy);
        wdev_lock(wdev);
 
        if (wdev->conn_owner_nlportid) {
@@ -1593,4 +1594,5 @@ void cfg80211_autodisconnect_wk(struct work_struct *work)
        }
 
        wdev_unlock(wdev);
+       wiphy_unlock(wdev->wiphy);
 }