mac80211: fix a race condition related to enabling fast-xmit
author: Felix Fietkau <nbd@nbd.name>
Wed, 3 Jan 2024 14:13:32 +0000 (15:13 +0100)
committer: Felix Fietkau <nbd@nbd.name>
Thu, 4 Jan 2024 17:01:31 +0000 (18:01 +0100)
fast-xmit must only be enabled after the sta has been uploaded to the driver,
otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
to the driver, leading to potential crashes because of uninitialized drv_priv
data.
Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
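The ordering bug the commit message describes, as an added user-space model. This is not mac80211 code: `struct sta`, `check_fast_xmit()`, `insert_finish()`, `drv_tx()` and the `hw_queue` value are simplified, made-up stand-ins for `sta_info`, `ieee80211_check_fast_xmit()`, `sta_info_insert_finish()` and the driver tx hook, chosen only to show why both halves of the fix (the `uploaded` gate and the re-check after insert) are needed.

```c
/* Added example, not mac80211 code: a user-space model of the race fixed
 * by the patch. Names are simplified stand-ins, and the hw_queue value is
 * invented for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct drv_priv { int hw_queue; };   /* driver-private data, valid only after upload */

struct sta {
    bool authorized;        /* stands in for WLAN_STA_AUTHORIZED */
    bool uploaded;          /* stands in for sta->uploaded */
    bool fast_tx;           /* fast-xmit path enabled */
    struct drv_priv *priv;  /* NULL until the driver has initialised it */
};

/* Model of ieee80211_check_fast_xmit(). With gate_on_uploaded == false it
 * behaves like the pre-patch code: authorization alone enables fast-xmit. */
static void check_fast_xmit(struct sta *sta, bool gate_on_uploaded)
{
    sta->fast_tx = false;
    if (!sta->authorized)
        return;
    if (gate_on_uploaded && !sta->uploaded)
        return;
    sta->fast_tx = true;
}

/* Model of the driver tx hook: returns the hw queue, or -1 where the real
 * driver would dereference uninitialised drv_priv. */
static int drv_tx(const struct sta *sta)
{
    if (sta->priv == NULL)
        return -1;
    return sta->priv->hw_queue;
}

/* Model of the fast path: the driver is only called when fast_tx is set;
 * 0 means the (unmodelled) slow path was taken. */
static int xmit(const struct sta *sta)
{
    if (!sta->fast_tx)
        return 0;
    return drv_tx(sta);
}

/* Model of sta_info_insert_finish(): upload to the driver, then, with the
 * patch, re-check fast-xmit so a station authorized before upload gets it. */
static void insert_finish(struct sta *sta, struct drv_priv *priv, bool recheck)
{
    priv->hw_queue = 3;       /* invented value */
    sta->priv = priv;
    sta->uploaded = true;
    if (recheck)
        check_fast_xmit(sta, true);
}

/* The interleaving from the commit message: the station is authorized and
 * fast-xmit is evaluated before the station has been uploaded, then a frame
 * is sent, then insertion finishes and another frame is sent.
 * Returns -1 for the crash, 3 for a good fast-path tx, 0 if stuck on the
 * slow path. */
static int run(bool gate_on_uploaded, bool recheck_after_insert)
{
    struct drv_priv priv;
    struct sta sta = { 0 };

    sta.authorized = true;
    check_fast_xmit(&sta, gate_on_uploaded);   /* runs before upload */
    int before = xmit(&sta);                   /* pre-patch: drv_tx on NULL priv */
    if (before < 0)
        return before;

    insert_finish(&sta, &priv, recheck_after_insert);
    return xmit(&sta);
}

int main(void)
{
    printf("unpatched            -> %d\n", run(false, false));  /* -1: crash */
    printf("gate only, no recheck -> %d\n", run(true, false));  /*  0: never fast */
    printf("gate + recheck        -> %d\n", run(true, true));   /*  3: correct */
    return 0;
}
```

The third case is why the sta_info.c half of the patch exists: once the `uploaded` gate is in place, a station that was already authorized when `ieee80211_check_fast_xmit()` last ran would stay on the slow path unless something re-evaluates fast-xmit after the upload.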
package/kernel/mac80211/patches/subsys/314-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch [new file with mode: 0644]

diff --git a/package/kernel/mac80211/patches/subsys/314-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch b/package/kernel/mac80211/patches/subsys/314-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
new file mode 100644 (file)
index 0000000..191eb67
--- /dev/null
@@ -0,0 +1,34 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 3 Jan 2024 15:10:18 +0100
+Subject: [PATCH] wifi: mac80211: fix race condition on enabling fast-xmit
+
+fast-xmit must only be enabled after the sta has been uploaded to the driver,
+otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
+to the driver, leading to potential crashes because of uninitialized drv_priv
+data.
+Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -911,6 +911,7 @@ static int sta_info_insert_finish(struct
+       if (ieee80211_vif_is_mesh(&sdata->vif))
+               mesh_accept_plinks_update(sdata);
++      ieee80211_check_fast_xmit(sta);
+       return 0;
+  out_remove:
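Review bot: the new `ieee80211_check_fast_xmit(sta);` call is placed right before `return 0`, after `mesh_accept_plinks_update(sdata)`, so it runs only on the success path of `sta_info_insert_finish()` and not on `out_remove:`; that is the right spot for the re-check, since a station that was already authorized when fast-xmit was last evaluated would otherwise stay off the fast path until its next flag change. A one-line comment above the call stating that it re-evaluates fast-xmit now that the station is uploaded would help, because the reason is not visible from the surrounding context.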
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3033,7 +3033,7 @@ void ieee80211_check_fast_xmit(struct st
+           sdata->vif.type == NL80211_IFTYPE_STATION)
+               goto out;
+-      if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED))
++      if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded)
+               goto out;
+       if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
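Review bot: the tx.c hunk is cut off on this page. The `@@ -3033,7 +3033,7 @@` header promises seven lines of old and new context, but the quoted text ends at `if (test_sta_flag(sta, WLAN_STA_PS_STA) ||` with only five old lines shown, so the two trailing context lines (and the tail of the 34-line patch file announced by the outer `@@ -0,0 +1,34 @@` header) are missing here and should be checked against the full file. On the change itself, folding `|| !sta->uploaded` into the existing `WLAN_STA_AUTHORIZED` test reuses the same `goto out` early exit, so a station the driver has not yet seen is treated exactly like an unauthorized one, which matches the commit message's intent.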