[openwrt/openwrt] mac80211: fix a race condition related to enabling fast-xmit

LEDE Commits lede-commits at lists.infradead.org
Thu Jan 4 10:09:56 PST 2024 

nbd pushed a commit to openwrt/openwrt.git, branch openwrt-23.05:
https://git.openwrt.org/9325da80ab5dbd7caf91b2f98117c5f6ae6fc7c2

commit 9325da80ab5dbd7caf91b2f98117c5f6ae6fc7c2
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Wed Jan 3 15:13:32 2024 +0100

    mac80211: fix a race condition related to enabling fast-xmit
    
    fast-xmit must only be enabled after the sta has been uploaded to the driver,
    otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
    to the driver, leading to potential crashes because of uninitialized drv_priv
    data.
    Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
    (cherry picked from commit 438a97fab69b41387e25cbec45271e7fe159a330)
---
 ...11-fix-race-condition-on-enabling-fast-xm.patch | 34 ++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/package/kernel/mac80211/patches/subsys/337-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch b/package/kernel/mac80211/patches/subsys/337-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
new file mode 100644
index 0000000000..0ef0aa2ef7
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/337-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
@@ -0,0 +1,34 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Wed, 3 Jan 2024 15:10:18 +0100
+Subject: [PATCH] wifi: mac80211: fix race condition on enabling fast-xmit
+
+fast-xmit must only be enabled after the sta has been uploaded to the driver,
+otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
+to the driver, leading to potential crashes because of uninitialized drv_priv
+data.
+Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
+
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -886,6 +886,7 @@ static int sta_info_insert_finish(struct
+ 
+ 	if (ieee80211_vif_is_mesh(&sdata->vif))
+ 		mesh_accept_plinks_update(sdata);
++	ieee80211_check_fast_xmit(sta);
+ 
+ 	return 0;
+  out_remove:
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3041,7 +3041,7 @@ void ieee80211_check_fast_xmit(struct st
+ 	    sdata->vif.type == NL80211_IFTYPE_STATION)
+ 		goto out;
+ 
+-	if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED))
++	if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded)
+ 		goto out;
+ 
+ 	if (test_sta_flag(sta, WLAN_STA_PS_STA) ||

More information about the lede-commits mailing list