* [PATCH 6.1.y 1/2] wifi: mac80211: avoid lockdep checking when removing deflink
@ 2025-08-23 20:22 Hanne-Lotta Mäenpää
2025-08-23 20:22 ` [PATCH 6.1.y 2/2] wifi: mac80211: check basic rates validity in sta_link_apply_parameters Hanne-Lotta Mäenpää
0 siblings, 1 reply; 2+ messages in thread
From: Hanne-Lotta Mäenpää @ 2025-08-23 20:22 UTC (permalink / raw)
To: stable
Cc: johannes, shaul.triebitz, linux-wireless, linux-kernel,
linux-kernel-mentees, skhan, david.hunter.linux, Benjamin Berg,
Gregory Greenman, Johannes Berg,
Hanne-Lotta Mäenpää
From: Benjamin Berg <benjamin.berg@intel.com>
struct sta_info may be removed without holding sta_mtx if it has not
yet been inserted. To support this, only assert that the lock is held
for links other than the deflink.
This fixes lockdep issues that may be triggered in error cases.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230619161906.cdd81377dea0.If5a6734b4b85608a2275a09b4f99b5564d82997f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit b8b80770b26c4591f20f1cde3328e5f1489c4488)
Signed-off-by: Hanne-Lotta Mäenpää <hannelotta@gmail.com>
---
net/mac80211/sta_info.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index dd1864f6549f..e9ae92094794 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -357,8 +357,9 @@ static void sta_remove_link(struct sta_info *sta, unsigned int link_id,
struct sta_link_alloc *alloc = NULL;
struct link_sta_info *link_sta;
- link_sta = rcu_dereference_protected(sta->link[link_id],
- lockdep_is_held(&sta->local->sta_mtx));
+ link_sta = rcu_access_pointer(sta->link[link_id]);
+ if (link_sta != &sta->deflink)
+ lockdep_assert_held(&sta->local->sta_mtx);
if (WARN_ON(!link_sta))
return;
--
2.50.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH 6.1.y 2/2] wifi: mac80211: check basic rates validity in sta_link_apply_parameters
2025-08-23 20:22 [PATCH 6.1.y 1/2] wifi: mac80211: avoid lockdep checking when removing deflink Hanne-Lotta Mäenpää
@ 2025-08-23 20:22 ` Hanne-Lotta Mäenpää
0 siblings, 0 replies; 2+ messages in thread
From: Hanne-Lotta Mäenpää @ 2025-08-23 20:22 UTC (permalink / raw)
To: stable
Cc: johannes, shaul.triebitz, linux-wireless, linux-kernel,
linux-kernel-mentees, skhan, david.hunter.linux, Mikhail Lobanov,
Johannes Berg, Hanne-Lotta Mäenpää
From: Mikhail Lobanov <m.lobanov@rosa.ru>
[ Upstream commit 16ee3ea8faef8ff042acc15867a6c458c573de61 ]
When userspace sets supported rates for a new station via
NL80211_CMD_NEW_STATION, it might send a list that's empty
or contains only invalid values. Currently, we process these
values in sta_link_apply_parameters() without checking the result of
ieee80211_parse_bitrates(), which can lead to an empty rates bitmap.
A similar issue was addressed for NL80211_CMD_SET_BSS in commit
ce04abc3fcc6 ("wifi: mac80211: check basic rates validity").
This patch applies the same approach in sta_link_apply_parameters()
for NL80211_CMD_NEW_STATION, ensuring there is at least one valid
rate by inspecting the result of ieee80211_parse_bitrates().
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
[ Summary of conflict resolutions:
- The function ieee80211_parse_bitrates() takes channel width as
its first parameter, and the chandef struct has been refactored
in kernel version 6.9, in commit
6092077ad09ce880c61735c314060f0bd79ae4aa so that the width is
contained in chanreq.oper.width. In kernel version 6.1 the
width parameter is defined directly in the chandef struct. ]
Fixes: b95eb7f0eee4 ("wifi: cfg80211/mac80211: separate link params from station params")
Signed-off-by: Mikhail Lobanov <m.lobanov@rosa.ru>
Link: https://patch.msgid.link/20250317103139.17625-1-m.lobanov@rosa.ru
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Hanne-Lotta Mäenpää <hannelotta@gmail.com>
---
net/mac80211/cfg.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index be48d3f7ffcd..b42eb781d7f7 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1735,12 +1735,12 @@ static int sta_link_apply_parameters(struct ieee80211_local *local,
}
if (params->supported_rates &&
- params->supported_rates_len) {
- ieee80211_parse_bitrates(link->conf->chandef.width,
- sband, params->supported_rates,
- params->supported_rates_len,
- &link_sta->pub->supp_rates[sband->band]);
- }
+ params->supported_rates_len &&
+ !ieee80211_parse_bitrates(link->conf->chandef.width,
+ sband, params->supported_rates,
+ params->supported_rates_len,
+ &link_sta->pub->supp_rates[sband->band]))
+ return -EINVAL;
if (params->ht_capa)
ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
--
2.50.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-08-23 20:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-23 20:22 [PATCH 6.1.y 1/2] wifi: mac80211: avoid lockdep checking when removing deflink Hanne-Lotta Mäenpää
2025-08-23 20:22 ` [PATCH 6.1.y 2/2] wifi: mac80211: check basic rates validity in sta_link_apply_parameters Hanne-Lotta Mäenpää
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).