mac80211: fix invalid calls to drv_sta_pre_rcu_remove

author Felix Fietkau <nbd@nbd.name>

Fri, 24 Mar 2023 12:32:36 +0000 (13:32 +0100)

committer Felix Fietkau <nbd@nbd.name>

Fri, 24 Mar 2023 12:32:51 +0000 (13:32 +0100)
author Felix Fietkau <nbd@nbd.name>
Fri, 24 Mar 2023 12:32:36 +0000 (13:32 +0100)
committer Felix Fietkau <nbd@nbd.name>
Fri, 24 Mar 2023 12:32:51 +0000 (13:32 +0100)
diff --git a/package/kernel/mac80211/patches/subsys/328-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch b/package/kernel/mac80211/patches/subsys/328-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch

new file mode 100644 (file)

index 0000000..289906c
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/328-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch
@@ -0,0 +1,25 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Fri, 24 Mar 2023 13:04:17 +0100
+Subject: [PATCH] wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for
+ non-uploaded sta
+
+Avoid potential data corruption issues caused by uninitialized driver
+private data structures.
+
+Reported-by: Brian Coverstone <brian@mainsequence.net>
+Fixes: 6a9d1b91f34d ("mac80211: add pre-RCU-sync sta removal driver operation")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -1241,7 +1241,8 @@ static int __must_check __sta_info_destr
+       list_del_rcu(&sta->list);
+       sta->removed = true;
+ 
+-      drv_sta_pre_rcu_remove(local, sta->sdata, sta);
++      if (sta->uploaded)
++              drv_sta_pre_rcu_remove(local, sta->sdata, sta);
+ 
+       if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
+           rcu_access_pointer(sdata->u.vlan.sta) == sta)
author	Felix Fietkau <nbd@nbd.name>
	Fri, 24 Mar 2023 12:32:36 +0000 (13:32 +0100)
committer	Felix Fietkau <nbd@nbd.name>
	Fri, 24 Mar 2023 12:32:51 +0000 (13:32 +0100)