wifi: mac80211: fix RCU list iterations

[ Upstream commit ac35180032fbc5d80b29af00ba4881815ceefcb6 ]

There are a number of places where RCU list iteration is
used, but that aren't (always) called with RCU held. Use
just list_for_each_entry() in most, and annotate iface
iteration with the required locks.

Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20240827094939.ed8ac0b2f897.I8443c9c3c0f8051841353491dae758021b53115e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index e6a7ff6ca6797a0581dcba3752e0a11e104fc2d6..db5675d24e488b624804d9029330be0728958ca9 100644 (file)
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -281,7 +281,9 @@ ieee80211_get_max_required_bw(struct ieee80211_link_data *link)
        enum nl80211_chan_width max_bw = NL80211_CHAN_WIDTH_20_NOHT;
        struct sta_info *sta;
 
-       list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
+       lockdep_assert_wiphy(sdata->local->hw.wiphy);
+
+       list_for_each_entry(sta, &sdata->local->sta_list, list) {
                if (sdata != sta->sdata &&
                    !(sta->sdata->bss && sta->sdata->bss == sdata->bss))
                        continue;

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 1faf4d7c115f0810c003f602ae6ce3f972fa009c..71cc5eb35bfcbd58c3b41f694d35d55285a7464d 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1020,7 +1020,7 @@ static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
                bool disable_mu_mimo = false;
                struct ieee80211_sub_if_data *other;
 
-               list_for_each_entry_rcu(other, &local->interfaces, list) {
+               list_for_each_entry(other, &local->interfaces, list) {
                        if (other->vif.bss_conf.mu_mimo_owner) {
                                disable_mu_mimo = true;
                                break;

diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 1c5d99975ad04df28770225c9cbcfe0371828ed8..3b2bde6360bcb6a0d4e2e7db759de1d81748c4c8 100644 (file)
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -504,7 +504,7 @@ static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
         * the scan was in progress; if there was none this will
         * just be a no-op for the particular interface.
         */
-       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+       list_for_each_entry(sdata, &local->interfaces, list) {
                if (ieee80211_sdata_running(sdata))
                        wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
        }

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index c11dbe82ae1b3001865c56bf792f4b1dafa485b6..d10e0c528c1bf4a267f3db7ba5000a7e5ea3dbda 100644 (file)
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -751,7 +751,9 @@ static void __iterate_interfaces(struct ieee80211_local *local,
        struct ieee80211_sub_if_data *sdata;
        bool active_only = iter_flags & IEEE80211_IFACE_ITER_ACTIVE;
 
-       list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+       list_for_each_entry_rcu(sdata, &local->interfaces, list,
+                               lockdep_is_held(&local->iflist_mtx) ||
+                               lockdep_is_held(&local->hw.wiphy->mtx)) {
                switch (sdata->vif.type) {
                case NL80211_IFTYPE_MONITOR:
                        if (!(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE))