[openwrt/openwrt] mac80211: add a fix for racy drv_sta_rc_update calls
LEDE Commits
lede-commits at lists.infradead.org
Wed Feb 21 06:29:27 PST 2024
nbd pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/2a752ff0281a0a060175f660895630804e2b95b7
commit 2a752ff0281a0a060175f660895630804e2b95b7
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Wed Feb 21 15:28:31 2024 +0100
mac80211: add a fix for racy drv_sta_rc_update calls
Fixes potential crash issues in mt76 and other drivers
Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
...11-only-call-drv_sta_rc_update-for-upload.patch | 25 ++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/package/kernel/mac80211/patches/subsys/331-wifi-mac80211-only-call-drv_sta_rc_update-for-upload.patch b/package/kernel/mac80211/patches/subsys/331-wifi-mac80211-only-call-drv_sta_rc_update-for-upload.patch
new file mode 100644
index 0000000000..167b9e3f77
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/331-wifi-mac80211-only-call-drv_sta_rc_update-for-upload.patch
@@ -0,0 +1,25 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Wed, 21 Feb 2024 14:41:40 +0100
+Subject: [PATCH] wifi: mac80211: only call drv_sta_rc_update for uploaded
+ stations
+
+When a station has not been uploaded yet, receiving SMPS or channel width
+notification action frames can lead to rate_control_rate_update calling
+drv_sta_rc_update with uninitialized driver private data.
+Fix this by adding a missing check for sta->uploaded.
+
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/mac80211/rate.c
++++ b/net/mac80211/rate.c
+@@ -119,7 +119,8 @@ void rate_control_rate_update(struct iee
+ rcu_read_unlock();
+ }
+
+- drv_sta_rc_update(local, sta->sdata, &sta->sta, changed);
++ if (sta->uploaded)
++ drv_sta_rc_update(local, sta->sdata, &sta->sta, changed);
+ }
+
+ int ieee80211_rate_control_register(const struct rate_control_ops *ops)
More information about the lede-commits
mailing list