[PATCH] wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power()

Posted by Ziyi Guo 2 weeks, 1 day ago
il4965_store_tx_power() calls il_set_tx_power() without holding il->mutex.
However, il_set_tx_power() has lockdep_assert_held(&il->mutex) indicating
that callers must hold this lock.

All other callers of il_set_tx_power() properly acquire the mutex:
- il_bg_scan_completed() acquires mutex at common.c:1683
- il_mac_config() acquires mutex at common.c:5006
- il3945_commit_rxon() and il4965_commit_rxon() are called via work
  queues that hold the mutex (like il4965_bg_alive_start)

Add mutex_lock()/mutex_unlock() around the il_set_tx_power() call in
the sysfs store function to fix the missing lock protection.

Signed-off-by: Ziyi Guo <n7l8m4@u.northwestern.edu>
---
 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
index 3588dec75ebd..57fa866efd9f 100644
--- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c
+++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
@@ -4606,7 +4606,9 @@ il4965_store_tx_power(struct device *d, struct device_attribute *attr,
 	if (ret)
 		IL_INFO("%s is not in decimal form.\n", buf);
 	else {
+		mutex_lock(&il->mutex);
 		ret = il_set_tx_power(il, val, false);
+		mutex_unlock(&il->mutex);
 		if (ret)
 			IL_ERR("failed setting tx power (0x%08x).\n", ret);
 		else
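Review bot: the commit message has no Fixes: tag and does not state the observable symptom for the call this hunk wraps in the else branch, `ret = il_set_tx_power(il, val, false);`. Since il_set_tx_power() carries lockdep_assert_held(&il->mutex), a write to this sysfs attribute should trip that assertion on a lockdep-enabled kernel. Saying so, and adding a Fixes: tag for the commit that introduced the unlocked call, would make the change easier to backport. The lock scope itself looks right: it covers only il_set_tx_power() and leaves the IL_ERR() logging outside the critical section.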
-- 
2.34.1
Re: [PATCH] wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power()
Posted by Stanislaw Gruszka 2 weeks ago
On Sun, Jan 25, 2026 at 07:40:39PM +0000, Ziyi Guo wrote:
> il4965_store_tx_power() calls il_set_tx_power() without holding il->mutex.
> However, il_set_tx_power() has lockdep_assert_held(&il->mutex) indicating
> that callers must hold this lock.
> 
> All other callers of il_set_tx_power() properly acquire the mutex:
> - il_bg_scan_completed() acquires mutex at common.c:1683
> - il_mac_config() acquires mutex at common.c:5006
> - il3945_commit_rxon() and il4965_commit_rxon() are called via work
>   queues that hold the mutex (like il4965_bg_alive_start)
> 
> Add mutex_lock()/mutex_unlock() around the il_set_tx_power() call in
> the sysfs store function to fix the missing lock protection.
> 
> Signed-off-by: Ziyi Guo <n7l8m4@u.northwestern.edu>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>

> ---
>  drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
> index 3588dec75ebd..57fa866efd9f 100644
> --- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c
> +++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
> @@ -4606,7 +4606,9 @@ il4965_store_tx_power(struct device *d, struct device_attribute *attr,
>  	if (ret)
>  		IL_INFO("%s is not in decimal form.\n", buf);
>  	else {
> +		mutex_lock(&il->mutex);
>  		ret = il_set_tx_power(il, val, false);
> +		mutex_unlock(&il->mutex);
>  		if (ret)
>  			IL_ERR("failed setting tx power (0x%08x).\n", ret);
>  		else
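Review bot: mutex_lock(&il->mutex) in this store handler is an uninterruptible wait entered from a userspace write, and per the commit message the same mutex is taken by il_bg_scan_completed(), il_mac_config() and the work-queue paths. If any of those can hold it for long, consider mutex_lock_interruptible() and returning its error to the writer instead of calling il_set_tx_power(). If plain mutex_lock() is the driver's convention for sysfs handlers, a short remark in the commit message would settle the question.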
> -- 
> 2.34.1
>