From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Felix Fietkau <nbd@nbd.name>,
Johannes Berg <johannes.berg@intel.com>,
Sasha Levin <sashal@kernel.org>,
johannes@sipsolutions.net, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 6.7 02/23] wifi: mac80211: fix race condition on enabling fast-xmit
Date: Fri, 2 Feb 2024 13:38:58 -0500 [thread overview]
Message-ID: <20240202183926.540467-2-sashal@kernel.org> (raw)
In-Reply-To: <20240202183926.540467-1-sashal@kernel.org>
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f ]
fast-xmit must only be enabled after the sta has been uploaded to the driver,
otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
to the driver, leading to potential crashes because of uninitialized drv_priv
data.
Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://msgid.link/20240104181059.84032-1-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/sta_info.c | 2 ++
net/mac80211/tx.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 0ba613dd1cc4..b62b21749f52 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -910,6 +910,8 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
if (ieee80211_vif_is_mesh(&sdata->vif))
mesh_accept_plinks_update(sdata);
+ ieee80211_check_fast_xmit(sta);
+
return 0;
out_remove:
if (sta->sta.valid_links)
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index ed4fdf655343..4b2823e36a37 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3048,7 +3048,7 @@ void ieee80211_check_fast_xmit(struct sta_info *sta)
sdata->vif.type == NL80211_IFTYPE_STATION)
goto out;
- if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED))
+ if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded)
goto out;
if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
--
2.43.0
next prev parent reply other threads:[~2024-02-02 18:39 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-02 18:38 [PATCH AUTOSEL 6.7 01/23] wifi: cfg80211: fix missing interfaces when dumping Sasha Levin
2024-02-02 18:38 ` Sasha Levin [this message]
2024-02-02 18:38 ` [PATCH AUTOSEL 6.7 03/23] fbdev: savage: Error out if pixclock equals zero Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 04/23] fbdev: sis: " Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 05/23] dpll: fix broken error path in dpll_pin_alloc(..) Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 06/23] platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 07/23] spi: intel-pci: Add support for Arrow Lake SPI serial flash Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 08/23] x86/cpu: Add model number for Intel Clearwater Forest processor Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 09/23] spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 10/23] block: Fix WARNING in _copy_from_iter Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 11/23] smb: Work around Clang __bdos() type confusion Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 12/23] cifs: cifs_pick_channel should try selecting active channels Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 13/23] cifs: translate network errors on send to -ECONNABORTED Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 14/23] cifs: helper function to check replayable error codes Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 15/23] ahci: asm1166: correct count of reported ports Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 16/23] aoe: avoid potential deadlock at set_capacity Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 17/23] spi: cs42l43: Handle error from devm_pm_runtime_enable Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 18/23] exec: Distinguish in_execve from in_exec Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 19/23] ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Sasha Levin
2024-02-22 14:58 ` Niklas Cassel
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 20/23] ARM: dts: Fix TPM schema violations Sasha Levin
2024-02-02 18:39 ` Sasha Levin
2024-02-02 18:39 ` Sasha Levin
2024-02-02 19:20 ` Lukas Wunner
2024-02-02 19:20 ` Lukas Wunner
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 21/23] drm/amd/display: Disable ips before dc interrupt setting Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 22/23] MIPS: reserve exception vector space ONLY ONCE Sasha Levin
2024-02-02 18:39 ` [PATCH AUTOSEL 6.7 23/23] platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240202183926.540467-2-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=johannes.berg@intel.com \
--cc=johannes@sipsolutions.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=nbd@nbd.name \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.