[openwrt/openwrt] mac80211: fix invalid calls to drv_sta_pre_rcu_remove

LEDE Commits lede-commits at lists.infradead.org
Sun Apr 2 12:16:25 PDT 2023


hauke pushed a commit to openwrt/openwrt.git, branch openwrt-22.03:
https://git.openwrt.org/6035401f46461bcbe4f0a78d6a751f9ae09557ae

commit 6035401f46461bcbe4f0a78d6a751f9ae09557ae
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Fri Mar 24 13:32:36 2023 +0100

    mac80211: fix invalid calls to drv_sta_pre_rcu_remove
    
    Potentially fixes some driver data structure corruption issues
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
    (cherry picked from commit 9779ee021d30508eb9e7ebf1ec0a28a4be3c4c19)
    [Change patch number]
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 ...11-fix-invalid-drv_sta_pre_rcu_remove-cal.patch | 25 ++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch b/package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch
new file mode 100644
index 0000000000..01a6c51065
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch
@@ -0,0 +1,25 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Fri, 24 Mar 2023 13:04:17 +0100
+Subject: [PATCH] wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for
+ non-uploaded sta
+
+Avoid potential data corruption issues caused by uninitialized driver
+private data structures.
+
+Reported-by: Brian Coverstone <brian at mainsequence.net>
+Fixes: 6a9d1b91f34d ("mac80211: add pre-RCU-sync sta removal driver operation")
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -1041,7 +1041,8 @@ static int __must_check __sta_info_destr
+ 	list_del_rcu(&sta->list);
+ 	sta->removed = true;
+ 
+-	drv_sta_pre_rcu_remove(local, sta->sdata, sta);
++	if (sta->uploaded)
++		drv_sta_pre_rcu_remove(local, sta->sdata, sta);
+ 
+ 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
+ 	    rcu_access_pointer(sdata->u.vlan.sta) == sta)
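
Review bot: The new `if (sta->uploaded)` guard in net/mac80211/sta_info.c carries no comment, and the patch description does not say how a station with `uploaded` unset reaches this removal path, so the reason for the guard can only be inferred from the subject line. Suggest a one-line comment above the guard stating that driver private station data is only initialized once the station has been uploaded, plus a sentence in the description naming the case that leaves `sta->uploaded` false. Consider also whether the check belongs inside `drv_sta_pre_rcu_remove` itself, so that any other caller gets the same protection. The patch header has a `Fixes:` tag but no upstream commit id or link, which makes it harder to track when this backport can be dropped.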



