[openwrt/openwrt] mac80211: clear vif private data in order to fix accidental reuse

LEDE Commits lede-commits at lists.infradead.org
Thu Jul 11 09:24:44 PDT 2024 

nbd pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/c640f7b93736621b4d56627e4f6ab824093f9c3d

commit c640f7b93736621b4d56627e4f6ab824093f9c3d
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Wed Jul 3 17:45:33 2024 +0200

    mac80211: clear vif private data in order to fix accidental reuse
    
    Fixes potential issues when bringing an interface down and then up again
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
 ...11-clear-vif-drv_priv-after-calling-remov.patch | 29 ++++++++++++++++++++++
 ...11-extend-IEEE80211_KEY_FLAG_GENERATE_MMI.patch |  2 +-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/package/kernel/mac80211/patches/subsys/306-wifi-mac80211-clear-vif-drv_priv-after-calling-remov.patch b/package/kernel/mac80211/patches/subsys/306-wifi-mac80211-clear-vif-drv_priv-after-calling-remov.patch
new file mode 100644
index 0000000000..46cae5bf4b
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/306-wifi-mac80211-clear-vif-drv_priv-after-calling-remov.patch
@@ -0,0 +1,29 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Wed, 3 Jul 2024 12:10:01 +0200
+Subject: [PATCH] wifi: mac80211: clear vif drv_priv after calling
+ remove_interface
+
+Avoid reusing stale driver data when an interface is brought down and up
+again. In order to avoid having to duplicate the memset in every single
+driver, do it here.
+
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -684,8 +684,12 @@ static void ieee80211_do_stop(struct iee
+ 
+ 		fallthrough;
+ 	default:
+-		if (going_down)
+-			drv_remove_interface(local, sdata);
++		if (!going_down)
++			break;
++		drv_remove_interface(local, sdata);
++
++		/* Clear private driver data to prevent reuse */
++		memset(sdata->vif.drv_priv, 0, local->hw.vif_data_size);
+ 	}
+ 
+ 	ieee80211_recalc_ps(local);
diff --git a/package/kernel/mac80211/patches/subsys/333-wifi-mac80211-extend-IEEE80211_KEY_FLAG_GENERATE_MMI.patch b/package/kernel/mac80211/patches/subsys/333-wifi-mac80211-extend-IEEE80211_KEY_FLAG_GENERATE_MMI.patch
index 6504f6ca33..b2b4346a95 100644
--- a/package/kernel/mac80211/patches/subsys/333-wifi-mac80211-extend-IEEE80211_KEY_FLAG_GENERATE_MMI.patch
+++ b/package/kernel/mac80211/patches/subsys/333-wifi-mac80211-extend-IEEE80211_KEY_FLAG_GENERATE_MMI.patch
@@ -15,7 +15,7 @@ Signed-off-by: Johannes Berg <johannes.berg at intel.com>
 
 --- a/include/net/mac80211.h
 +++ b/include/net/mac80211.h
-@@ -2032,8 +2032,8 @@ static inline bool lockdep_vif_mutex_hel
+@@ -2037,8 +2037,8 @@ static inline bool lockdep_vif_mutex_hel
   *	@IEEE80211_KEY_FLAG_GENERATE_MMIC on the same key.
   * @IEEE80211_KEY_FLAG_NO_AUTO_TX: Key needs explicit Tx activation.
   * @IEEE80211_KEY_FLAG_GENERATE_MMIE: This flag should be set by the driver

More information about the lede-commits mailing list