mac80211: fix invalid calls to drv_sta_pre_rcu_remove

Potentially fixes some driver data structure corruption issues Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-12-19 05:14:58 +00:00 · 2023-03-24 13:32:36 +01:00 · 2023-03-24 13:32:36 +01:00 · 9779ee021d
commit 9779ee021d
parent 4dedcbdc80
1 changed files with 25 additions and 0 deletions
--- a/package/kernel/mac80211/patches/subsys/328-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch
+++ b/package/kernel/mac80211/patches/subsys/328-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch
@ -0,0 +1,25 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Fri, 24 Mar 2023 13:04:17 +0100
+Subject: [PATCH] wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for
+ non-uploaded sta
+
+Avoid potential data corruption issues caused by uninitialized driver
+private data structures.
+
+Reported-by: Brian Coverstone <brian@mainsequence.net>
+Fixes: 6a9d1b91f34d ("mac80211: add pre-RCU-sync sta removal driver operation")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
+@@ -1241,7 +1241,8 @@ static int __must_check __sta_info_destr
+ 	list_del_rcu(&sta->list);
+ 	sta->removed = true;
+ 
+-	drv_sta_pre_rcu_remove(local, sta->sdata, sta);
+	if (sta->uploaded)
+		drv_sta_pre_rcu_remove(local, sta->sdata, sta);
+ 
+ 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
+ 	    rcu_access_pointer(sdata->u.vlan.sta) == sta)