[PATCH net-next v2 02/13] wifi: cfg80211: use __rtnl_unlock in nl80211_pre_doit

Next message: Stanislav Fomichev: "[PATCH net-next v2 01/13] net: add address list snapshot and reconciliation infrastructure"
Previous message: Simon Horman: "Re: [net-next,1/4] octeontx2-af: npa: cn20k: Add NPA Halo support"
In reply to: Loktionov, Aleksandr: "RE: [Intel-wired-lan] [PATCH net-next v2 05/13] fbnic: convert to ndo_set_rx_mode_async"
Next in thread: Loktionov, Aleksandr: "RE: [Intel-wired-lan] [PATCH net-next v2 02/13] wifi: cfg80211: use __rtnl_unlock in nl80211_pre_doit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stanislav Fomichev

Date: Wed Mar 18 2026 - 11:44:43 EST

nl80211_pre_doit acquires rtnl_lock and then wiphy_lock, releasing
rtnl while keeping wiphy_lock held until post_doit. With the
introduction of rx_mode_wq and its flush in netdev_run_todo, calling
rtnl_unlock here creates a circular lock dependency:

Chain exists of:
(wq_completion)rx_mode_wq --> rtnl_mutex --> &rdev->wiphy.mtx

Possible unsafe locking scenario:

CPU0 CPU1
---- ----
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
lock(&rdev->wiphy.mtx);
lock((wq_completion)rx_mode_wq);

Switch to __rtnl_unlock to skip netdev_run_todo in nl80211_pre_doit.
This seems safe because we run before the op.

Link: http://lore.kernel.org/netdev/69b5ad67.a00a0220.3b25d1.001a.GAE@xxxxxxxxxx
Signed-off-by: Stanislav Fomichev <sdf@xxxxxxxxxxx>
---
net/wireless/nl80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 2225f5d0b124..ce5f25d4c87e 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -18192,7 +18192,7 @@ static int nl80211_pre_doit(const struct genl_split_ops *ops,
__release(&rdev->wiphy.mtx);
}
if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
- rtnl_unlock();
+ __rtnl_unlock();

return 0;
out_unlock:
--
2.53.0