commit e487eaeb076a44c69dc61348cbc903151bb8fcbd
author Simon Wunderlich <sw@simonwunderlich.de> Thu Nov 21 18:19:51 2013 +0100
committer Johannes Berg <johannes.berg@intel.com> Mon Dec 02 11:51:54 2013 +0100
tree 715d57f18ec0f3e3565a711f43248a3b8c8a42eb
parent 7ca133bc7f9dd5cee2b469eb917bd352be80a690

cfg80211/mac80211/ath6kl: acquire wdev lock outside ch_switch_notify

The channel switch notification should be sent under the
wdev/sdata-lock, preferably in the same moment as the channel change
happens, to avoid races by other callers (e.g. start/stop_ap).
This also adds the previously missing sdata_lock protection in
csa_finalize_work.

Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

net/wireless/nl80211.c

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 398756c..95882a7 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -10821,21 +10821,18 @@
 	struct wiphy *wiphy = wdev->wiphy;
 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
 
-	trace_cfg80211_ch_switch_notify(dev, chandef);
+	ASSERT_WDEV_LOCK(wdev);
 
-	wdev_lock(wdev);
+	trace_cfg80211_ch_switch_notify(dev, chandef);
 
 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
 		    wdev->iftype != NL80211_IFTYPE_ADHOC &&
 		    wdev->iftype != NL80211_IFTYPE_MESH_POINT))
-		goto out;
+		return;
 
 	wdev->channel = chandef->chan;
 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
-out:
-	wdev_unlock(wdev);
-	return;
 }
 EXPORT_SYMBOL(cfg80211_ch_switch_notify);