From patchwork Thu Jan 4 18:10:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Fietkau X-Patchwork-Id: 760118 Received: from nbd.name (nbd.name [46.4.11.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7122828DB1 for ; Thu, 4 Jan 2024 18:11:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nbd.name Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=nbd.name Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=nbd.name header.i=@nbd.name header.b="biE7bXtH" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbd.name; s=20160729; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject: Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=UkXFT0lQ9CqNvgq0kd0IOt5EAQwJbg+cdGqdQCoY6I0=; b=biE7bXtHXKWM2K8AXz5w3GtqiK ZMaaug26Em0xeeSwCHl8g+fPtfnwzC/6COVGSiKAZ1OCp5sd02OI89jfcWf8XYfeef+wCfx0THwyM ykx4PgvbJzMp5WkX/p+kI9jaqDQeQ+y2RIxPOLHhW8+drh/ze9YpODqcWVluAK8V5CL0=; Received: from p4ff13178.dip0.t-ipconnect.de ([79.241.49.120] helo=localhost.localdomain) by ds12 with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Exim 4.94.2) (envelope-from ) id 1rLSBL-0013NC-MV; Thu, 04 Jan 2024 19:11:03 +0100 From: Felix Fietkau To: linux-wireless@vger.kernel.org Cc: johannes@sipsolutions.net Subject: [PATCH] wifi: mac80211: fix race condition on enabling fast-xmit Date: Thu, 4 Jan 2024 19:10:59 +0100 Message-ID: <20240104181059.84032-1-nbd@nbd.name> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta. Signed-off-by: Felix Fietkau --- net/mac80211/sta_info.c | 1 + net/mac80211/tx.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index bf1adcd96b41..de34aebc6064 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -909,6 +909,7 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU) if (ieee80211_vif_is_mesh(&sdata->vif)) mesh_accept_plinks_update(sdata); + ieee80211_check_fast_xmit(sta); return 0; out_remove: diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 314998fdb1a5..68a48abc7287 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -3048,7 +3048,7 @@ void ieee80211_check_fast_xmit(struct sta_info *sta) sdata->vif.type == NL80211_IFTYPE_STATION) goto out; - if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED)) + if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded) goto out; if (test_sta_flag(sta, WLAN_STA_PS_STA) ||