Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 6913b49a5071064f49f7a74b432286fa735f7612^! / . / net / wireless / reg.c
commit6913b49a5071064f49f7a74b432286fa735f7612[log] [tgz]
authorJohannes Berg <johannes.berg@intel.com>Tue Dec 04 00:48:59 2012 +0100
committerJohannes Berg <johannes.berg@intel.com>Thu Jan 03 13:01:28 2013 +0100
tree15b54b8dd9d5eef07e8a9366b3f9e391043499f1
parent540f6f2cc545da9ae2baa9faa3152fc550bedb57 [diff] [blame]
regulatory: fix reg_is_valid_request handling

There's a bug with the world regulatory domain, it
can be updated any time which is different from all
other regdomains that can only be updated once after
a request for them. Fix this by adding a check for
"processed" to the reg_is_valid_request() function
and clear that when doing a request.

While looking at this I also found another locking
bug, last_request is protected by the reg_mutex not
the cfg80211_mutex so the code in nl80211 is racy.
Remove that code as it only tries to prevent an
allocation in an error case, which isn't necessary.
Then the function can also become static and locking
in nl80211 can have a smaller scope.

Also change __set_regdom() to do the checks earlier
and not different for world/other regdomains.

Acked-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 752729e..b3f94c9 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c

@@ -425,12 +425,16 @@
 	return kobject_uevent(&reg_pdev->dev.kobj, KOBJ_CHANGE);
 }
 
-/* Used by nl80211 before kmalloc'ing our regulatory domain */
-bool reg_is_valid_request(const char *alpha2)
+static bool reg_is_valid_request(const char *alpha2)
 {
+	assert_reg_lock();
+
 	if (!last_request)
 		return false;
 
+	if (last_request->processed)
+		return false;
+
 	return alpha2_equal(last_request->alpha2, alpha2);
 }
 
@@ -1470,6 +1474,7 @@
 
 	last_request = pending_request;
 	last_request->intersect = intersect;
+	last_request->processed = false;
 
 	pending_request = NULL;
 
@@ -2060,11 +2065,13 @@
 	const struct ieee80211_regdomain *regd;
 	const struct ieee80211_regdomain *intersected_rd = NULL;
 	struct wiphy *request_wiphy;
+
 	/* Some basic sanity checks first */
 
+	if (!reg_is_valid_request(rd->alpha2))
+		return -EINVAL;
+
 	if (is_world_regdom(rd->alpha2)) {
-		if (WARN_ON(!reg_is_valid_request(rd->alpha2)))
-			return -EINVAL;
 		update_world_regdomain(rd);
 		return 0;
 	}
@@ -2073,9 +2080,6 @@
 	    !is_unknown_alpha2(rd->alpha2))
 		return -EINVAL;
 
-	if (!last_request)
-		return -EINVAL;
-
 	/*
 	 * Lets only bother proceeding on the same alpha2 if the current
 	 * rd is non static (it means CRDA was present and was used last)
@@ -2097,9 +2101,6 @@
 	 * internal EEPROM data
 	 */
 
-	if (WARN_ON(!reg_is_valid_request(rd->alpha2)))
-		return -EINVAL;
-
 	if (!is_valid_rd(rd)) {
 		pr_err("Invalid regulatory domain detected:\n");
 		print_regdomain_info(rd);