* [PATCH wireless-next] wifi: mac80211: check stations are removed before MLD change
@ 2026-05-05 13:17 Johannes Berg
2026-05-05 14:17 ` Ben Greear
0 siblings, 1 reply; 3+ messages in thread
From: Johannes Berg @ 2026-05-05 13:17 UTC (permalink / raw)
To: linux-wireless; +Cc: Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
If an interface changes to/from MLD, then all stations related
to it must have been removed first. This is just natural since
we go from having links to not (or vice versa), but not doing
so also causes crashes in debugfs since vif changing to/from
MLD removes the entire debugfs for the vif, including stations.
Delete all stations but warn in this case, other code should
be handling it, in effect fail fast rather than doing a double
free or use-after-free in debugfs.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
This basically makes sure that the bug I fixed in
https://lore.kernel.org/linux-wireless/20260505151533.c4e52deb06ad.Iafe56cec7de8512626169496b134bce3a6c17010@changeid/
is noticed quickly. I'll probably merge this only
after the fix lands in wireless-next via net/net-next.
---
net/mac80211/link.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/link.c b/net/mac80211/link.c
index 93e290dd783f..e81dd02de12e 100644
--- a/net/mac80211/link.c
+++ b/net/mac80211/link.c
@@ -2,7 +2,7 @@
/*
* MLO link handling
*
- * Copyright (C) 2022-2025 Intel Corporation
+ * Copyright (C) 2022-2026 Intel Corporation
*/
#include <linux/slab.h>
#include <linux/kernel.h>
@@ -307,6 +307,9 @@ static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata,
if (old_links == new_links && dormant_links == sdata->vif.dormant_links)
return 0;
+ if (!old_links || !new_links)
+ WARN_ON(sta_info_flush(sdata, -1) > 0);
+
/* if there were no old links, need to clear the pointers to deflink */
if (!old_links)
rem |= BIT(0);
--
2.53.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH wireless-next] wifi: mac80211: check stations are removed before MLD change
2026-05-05 13:17 [PATCH wireless-next] wifi: mac80211: check stations are removed before MLD change Johannes Berg
@ 2026-05-05 14:17 ` Ben Greear
2026-05-05 15:55 ` Johannes Berg
0 siblings, 1 reply; 3+ messages in thread
From: Ben Greear @ 2026-05-05 14:17 UTC (permalink / raw)
To: Johannes Berg, linux-wireless; +Cc: Johannes Berg
On 5/5/26 06:17, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@intel.com>
>
> If an interface changes to/from MLD, then all stations related
> to it must have been removed first. This is just natural since
> we go from having links to not (or vice versa), but not doing
> so also causes crashes in debugfs since vif changing to/from
> MLD removes the entire debugfs for the vif, including stations.
>
> Delete all stations but warn in this case, other code should
> be handling it, in effect fail fast rather than doing a double
> free or use-after-free in debugfs.
>
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> This basically makes sure that the bug I fixed in
> https://lore.kernel.org/linux-wireless/20260505151533.c4e52deb06ad.Iafe56cec7de8512626169496b134bce3a6c17010@changeid/
> is noticed quickly. I'll probably merge this only
> after the fix lands in wireless-next via net/net-next.
> ---
> net/mac80211/link.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/net/mac80211/link.c b/net/mac80211/link.c
> index 93e290dd783f..e81dd02de12e 100644
> --- a/net/mac80211/link.c
> +++ b/net/mac80211/link.c
> @@ -2,7 +2,7 @@
> /*
> * MLO link handling
> *
> - * Copyright (C) 2022-2025 Intel Corporation
> + * Copyright (C) 2022-2026 Intel Corporation
> */
> #include <linux/slab.h>
> #include <linux/kernel.h>
> @@ -307,6 +307,9 @@ static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata,
> if (old_links == new_links && dormant_links == sdata->vif.dormant_links)
> return 0;
>
> + if (!old_links || !new_links)
> + WARN_ON(sta_info_flush(sdata, -1) > 0);
Maybe WARN_ON_ONCE to keep log spam to a minimum?
Thanks,
Ben
> +
> /* if there were no old links, need to clear the pointers to deflink */
> if (!old_links)
> rem |= BIT(0);
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH wireless-next] wifi: mac80211: check stations are removed before MLD change
2026-05-05 14:17 ` Ben Greear
@ 2026-05-05 15:55 ` Johannes Berg
0 siblings, 0 replies; 3+ messages in thread
From: Johannes Berg @ 2026-05-05 15:55 UTC (permalink / raw)
To: Ben Greear, linux-wireless
On Tue, 2026-05-05 at 07:17 -0700, Ben Greear wrote:
>
> > @@ -307,6 +307,9 @@ static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata,
> > if (old_links == new_links && dormant_links == sdata->vif.dormant_links)
> > return 0;
> >
> > + if (!old_links || !new_links)
> > + WARN_ON(sta_info_flush(sdata, -1) > 0);
>
> Maybe WARN_ON_ONCE to keep log spam to a minimum?
Maybe ... It's never really _supposed_ to happen though, and if it does
then I doubt it would happen twice, at least not in close succession,
since it flushes here. It's a trade-off between the extra state and
potential extra warnings, so not sure the _ONCE is worth it here.
johannes
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-05-05 15:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-05 13:17 [PATCH wireless-next] wifi: mac80211: check stations are removed before MLD change Johannes Berg
2026-05-05 14:17 ` Ben Greear
2026-05-05 15:55 ` Johannes Berg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox