e7a7010c7fbb0998d4d5616f91a63a91b016be1c
[openwrt/openwrt.git] /
1 From: Felix Fietkau <nbd@nbd.name>
2 Date: Wed, 3 Jan 2024 15:10:18 +0100
3 Subject: [PATCH] wifi: mac80211: fix race condition on enabling fast-xmit
4
5 fast-xmit must only be enabled after the sta has been uploaded to the driver,
6 otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
7 to the driver, leading to potential crashes because of uninitialized drv_priv
8 data.
9 Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
10
11 Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 ---
13
14 --- a/net/mac80211/sta_info.c
15 +++ b/net/mac80211/sta_info.c
16 @@ -918,6 +918,7 @@ static int sta_info_insert_finish(struct
17
18 if (ieee80211_vif_is_mesh(&sdata->vif))
19 mesh_accept_plinks_update(sdata);
20 + ieee80211_check_fast_xmit(sta);
21
22 return 0;
23 out_remove:
24 --- a/net/mac80211/tx.c
25 +++ b/net/mac80211/tx.c
26 @@ -3034,7 +3034,7 @@ void ieee80211_check_fast_xmit(struct st
27 sdata->vif.type == NL80211_IFTYPE_STATION)
28 goto out;
29
30 - if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED))
31 + if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded)
32 goto out;
33
34 if (test_sta_flag(sta, WLAN_STA_PS_STA) ||