* window between nl80211_init() and regulatory_init(), if that is
         * even possible.
         */
-       mutex_lock(&cfg80211_mutex);
-       if (unlikely(!cfg80211_regdomain)) {
-               mutex_unlock(&cfg80211_mutex);
+       if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
                return -EINPROGRESS;
-       }
-       mutex_unlock(&cfg80211_mutex);
 
        if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
                return -EINVAL;
 
 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
 {
+       const struct ieee80211_regdomain *regdom;
        struct sk_buff *msg;
        void *hdr = NULL;
        struct nlattr *nl_reg_rules;
        if (!hdr)
                goto put_failure;
 
-       if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
-                          cfg80211_regdomain->alpha2) ||
-           (cfg80211_regdomain->dfs_region &&
-            nla_put_u8(msg, NL80211_ATTR_DFS_REGION,
-                       cfg80211_regdomain->dfs_region)))
-               goto nla_put_failure;
-
        if (reg_last_request_cell_base() &&
            nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
                        NL80211_USER_REG_HINT_CELL_BASE))
                goto nla_put_failure;
 
+       rcu_read_lock();
+       regdom = rcu_dereference(cfg80211_regdomain);
+
+       if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
+           (regdom->dfs_region &&
+            nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
+               goto nla_put_failure_rcu;
+
        nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
        if (!nl_reg_rules)
-               goto nla_put_failure;
+               goto nla_put_failure_rcu;
 
-       for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
+       for (i = 0; i < regdom->n_reg_rules; i++) {
                struct nlattr *nl_reg_rule;
                const struct ieee80211_reg_rule *reg_rule;
                const struct ieee80211_freq_range *freq_range;
                const struct ieee80211_power_rule *power_rule;
 
-               reg_rule = &cfg80211_regdomain->reg_rules[i];
+               reg_rule = ®dom->reg_rules[i];
                freq_range = ®_rule->freq_range;
                power_rule = ®_rule->power_rule;
 
                nl_reg_rule = nla_nest_start(msg, i);
                if (!nl_reg_rule)
-                       goto nla_put_failure;
+                       goto nla_put_failure_rcu;
 
                if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
                                reg_rule->flags) ||
                                power_rule->max_antenna_gain) ||
                    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
                                power_rule->max_eirp))
-                       goto nla_put_failure;
+                       goto nla_put_failure_rcu;
 
                nla_nest_end(msg, nl_reg_rule);
        }
+       rcu_read_unlock();
 
        nla_nest_end(msg, nl_reg_rules);
 
        err = genlmsg_reply(msg, info);
        goto out;
 
+nla_put_failure_rcu:
+       rcu_read_unlock();
 nla_put_failure:
        genlmsg_cancel(msg, hdr);
 put_failure:
 
  * Central wireless core regulatory domains, we only need two,
  * the current one and a world regulatory domain in case we have no
  * information to give us an alpha2.
- * Protected by the cfg80211_mutex.
  */
-const struct ieee80211_regdomain *cfg80211_regdomain;
+const struct ieee80211_regdomain __rcu *cfg80211_regdomain;
 
 /*
  * Protects static reg.c components:
- *     - cfg80211_world_regdom
- *     - last_request
- *     - reg_num_devs_support_basehint
+ *     - cfg80211_regdomain (if not used with RCU)
+ *     - cfg80211_world_regdom
+ *     - last_request
+ *     - reg_num_devs_support_basehint
  */
 static DEFINE_MUTEX(reg_mutex);
 
        lockdep_assert_held(®_mutex);
 }
 
+static const struct ieee80211_regdomain *get_cfg80211_regdom(void)
+{
+       return rcu_dereference_protected(cfg80211_regdomain,
+                                        lockdep_is_held(®_mutex));
+}
+
+static const struct ieee80211_regdomain *get_wiphy_regdom(struct wiphy *wiphy)
+{
+       return rcu_dereference_protected(wiphy->regd,
+                                        lockdep_is_held(®_mutex));
+}
+
+static void rcu_free_regdom(const struct ieee80211_regdomain *r)
+{
+       if (!r)
+               return;
+       kfree_rcu((struct ieee80211_regdomain *)r, rcu_head);
+}
+
 /* Used to queue up regulatory hints */
 static LIST_HEAD(reg_requests_list);
 static spinlock_t reg_requests_lock;
 static void reset_regdomains(bool full_reset,
                             const struct ieee80211_regdomain *new_regdom)
 {
-       assert_cfg80211_lock();
+       const struct ieee80211_regdomain *r;
+
        assert_reg_lock();
 
+       r = get_cfg80211_regdom();
+
        /* avoid freeing static information or freeing something twice */
-       if (cfg80211_regdomain == cfg80211_world_regdom)
-               cfg80211_regdomain = NULL;
+       if (r == cfg80211_world_regdom)
+               r = NULL;
        if (cfg80211_world_regdom == &world_regdom)
                cfg80211_world_regdom = NULL;
-       if (cfg80211_regdomain == &world_regdom)
-               cfg80211_regdomain = NULL;
+       if (r == &world_regdom)
+               r = NULL;
 
-       kfree(cfg80211_regdomain);
-       kfree(cfg80211_world_regdom);
+       rcu_free_regdom(r);
+       rcu_free_regdom(cfg80211_world_regdom);
 
        cfg80211_world_regdom = &world_regdom;
-       cfg80211_regdomain = new_regdom;
+       rcu_assign_pointer(cfg80211_regdomain, new_regdom);
 
        if (!full_reset)
                return;
 {
        WARN_ON(!last_request);
 
-       assert_cfg80211_lock();
        assert_reg_lock();
 
        reset_regdomains(false, rd);
 
 static bool regdom_changes(const char *alpha2)
 {
-       assert_cfg80211_lock();
+       const struct ieee80211_regdomain *r = get_cfg80211_regdom();
 
-       if (!cfg80211_regdomain)
+       if (!r)
                return true;
-       return !alpha2_equal(cfg80211_regdomain->alpha2, alpha2);
+       return !alpha2_equal(r->alpha2, alpha2);
 }
 
 /*
        const struct ieee80211_regdomain *regd;
 
        assert_reg_lock();
-       assert_cfg80211_lock();
 
        /*
         * Follow the driver's regulatory domain, if present, unless a country
        if (last_request->initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE &&
            last_request->initiator != NL80211_REGDOM_SET_BY_USER &&
            wiphy->regd)
-               regd = wiphy->regd;
+               regd = get_wiphy_regdom(wiphy);
        else
-               regd = cfg80211_regdomain;
+               regd = get_cfg80211_regdom();
 
        return freq_reg_info_regd(wiphy, center_freq, reg_rule, regd);
 }
        const struct ieee80211_freq_range *freq_range = NULL;
        struct wiphy *request_wiphy = NULL;
 
-       assert_cfg80211_lock();
-
        request_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx);
 
        flags = chan->orig_flags;
 
 static bool reg_is_world_roaming(struct wiphy *wiphy)
 {
-       assert_cfg80211_lock();
+       const struct ieee80211_regdomain *cr = get_cfg80211_regdom();
+       const struct ieee80211_regdomain *wr = get_wiphy_regdom(wiphy);
 
-       if (is_world_regdom(cfg80211_regdomain->alpha2) ||
-           (wiphy->regd && is_world_regdom(wiphy->regd->alpha2)))
+       if (is_world_regdom(cr->alpha2) || (wr && is_world_regdom(wr->alpha2)))
                return true;
+
        if (last_request &&
            last_request->initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE &&
            wiphy->flags & WIPHY_FLAG_CUSTOM_REGULATORY)
                return true;
+
        return false;
 }
 
 {
        enum ieee80211_band band;
 
-       assert_cfg80211_lock();
        assert_reg_lock();
 
        if (ignore_reg_update(wiphy, initiator))
                return;
 
-       last_request->dfs_region = cfg80211_regdomain->dfs_region;
+       last_request->dfs_region = get_cfg80211_regdom()->dfs_region;
 
        for (band = 0; band < IEEE80211_NUM_BANDS; band++)
                handle_band(wiphy, initiator, wiphy->bands[band]);
        struct cfg80211_registered_device *rdev;
        struct wiphy *wiphy;
 
+       assert_cfg80211_lock();
+
        list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
                wiphy = &rdev->wiphy;
                wiphy_update_regulatory(wiphy, initiator);
  *
  * Returns one of the different reg request treatment values.
  *
- * Caller must hold &cfg80211_mutex and ®_mutex
+ * Caller must hold ®_mutex
  */
 static enum reg_request_treatment
 __regulatory_hint(struct wiphy *wiphy,
        bool intersect = false;
        enum reg_request_treatment treatment;
 
-       assert_cfg80211_lock();
-
        treatment = get_reg_request_treatment(wiphy, pending_request);
 
        switch (treatment) {
        case REG_REQ_INTERSECT:
                if (pending_request->initiator ==
                    NL80211_REGDOM_SET_BY_DRIVER) {
-                       regd = reg_copy_regd(cfg80211_regdomain);
+                       regd = reg_copy_regd(get_cfg80211_regdom());
                        if (IS_ERR(regd)) {
                                kfree(pending_request);
                                return PTR_ERR(regd);
                        }
-                       wiphy->regd = regd;
+                       rcu_assign_pointer(wiphy->regd, regd);
                }
                intersect = true;
                break;
                 */
                if (treatment == REG_REQ_ALREADY_SET &&
                    pending_request->initiator == NL80211_REGDOM_SET_BY_DRIVER) {
-                       regd = reg_copy_regd(cfg80211_regdomain);
+                       regd = reg_copy_regd(get_cfg80211_regdom());
                        if (IS_ERR(regd)) {
                                kfree(pending_request);
                                return REG_REQ_IGNORE;
                        }
                        treatment = REG_REQ_ALREADY_SET;
-                       wiphy->regd = regd;
+                       rcu_assign_pointer(wiphy->regd, regd);
                        goto new_request;
                }
                kfree(pending_request);
 
        /* Some basic sanity checks first */
 
+       assert_reg_lock();
+
        if (!reg_is_valid_request(rd->alpha2))
                return -EINVAL;
 
                if (IS_ERR(regd))
                        return PTR_ERR(regd);
 
-               request_wiphy->regd = regd;
+               rcu_assign_pointer(request_wiphy->regd, regd);
                reset_regdomains(false, rd);
                return 0;
        }
        /* Intersection requires a bit more work */
 
        if (last_request->initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE) {
-               intersected_rd = regdom_intersect(rd, cfg80211_regdomain);
+               intersected_rd = regdom_intersect(rd, get_cfg80211_regdom());
                if (!intersected_rd)
                        return -EINVAL;
 
                 * domain we keep it for its private use
                 */
                if (last_request->initiator == NL80211_REGDOM_SET_BY_DRIVER)
-                       request_wiphy->regd = rd;
+                       rcu_assign_pointer(request_wiphy->regd, rd);
                else
                        kfree(rd);
 
 /*
  * Use this call to set the current regulatory domain. Conflicts with
  * multiple drivers can be ironed out later. Caller must've already
- * kmalloc'd the rd structure. Caller must hold cfg80211_mutex
+ * kmalloc'd the rd structure.
  */
 int set_regdom(const struct ieee80211_regdomain *rd)
 {
        int r;
 
-       assert_cfg80211_lock();
-
        mutex_lock(®_mutex);
 
        /* Note that this doesn't update the wiphys, this is done below */
        }
 
        /* This would make this whole thing pointless */
-       if (WARN_ON(!last_request->intersect && rd != cfg80211_regdomain)) {
+       if (WARN_ON(!last_request->intersect &&
+                   rd != get_cfg80211_regdom())) {
                r = -EINVAL;
                goto out;
        }
        /* update all wiphys now with the new established regulatory domain */
        update_all_wiphy_regulatory(last_request->initiator);
 
-       print_regdomain(cfg80211_regdomain);
+       print_regdomain(get_cfg80211_regdom());
 
        nl80211_send_reg_change_event(last_request);
 
        if (!reg_dev_ignore_cell_hint(wiphy))
                reg_num_devs_support_basehint--;
 
-       kfree(wiphy->regd);
+       rcu_free_regdom(get_wiphy_regdom(wiphy));
+       rcu_assign_pointer(wiphy->regd, NULL);
 
        if (last_request)
                request_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx);
 
        reg_regdb_size_check();
 
-       cfg80211_regdomain = cfg80211_world_regdom;
+       rcu_assign_pointer(cfg80211_regdomain, cfg80211_world_regdom);
 
        user_alpha2[0] = '9';
        user_alpha2[1] = '7';
 
        /* We always try to get an update for the static regdomain */
-       err = regulatory_hint_core(cfg80211_regdomain->alpha2);
+       err = regulatory_hint_core(cfg80211_world_regdom->alpha2);
        if (err) {
                if (err == -ENOMEM)
                        return err;
        cancel_delayed_work_sync(®_timeout);
 
        /* Lock to suppress warnings */
-       mutex_lock(&cfg80211_mutex);
        mutex_lock(®_mutex);
        reset_regdomains(true, NULL);
-       mutex_unlock(&cfg80211_mutex);
        mutex_unlock(®_mutex);
 
        dev_set_uevent_suppress(®_pdev->dev, true);