From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 20230168AB for ; Fri, 8 Sep 2023 18:19:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B8E7AC116A7; Fri, 8 Sep 2023 18:19:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1694197153; bh=0YXk5J/NyZx5HU6ntAlvQZ93TdO00vwCrjzDesKa/gM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oV/uEfKo0e2e5wErv1J/aI7d05JK2AN6Iv/bXrTTBnIDebQqGrTMOQN6UJECvBLMO sMS7RiepuTsRQNCy0yKYyUtabVB5eojvQ0gAP14d78FTj2gWRKtUaS+eWhgiaLFmcK jKP+/zNqjc+WObFEo+Dof8be5rNReYMmrbnScepyTWRbr6ZnYb6SU3EUFjQzDk8cfP KBaHna6L3l25i/suEFkjaE1HjmNpZu3ODD90vdQTt7bIVJ1BDywrundko4Y/7BOonb 10hFzCzg9ly4xsboW3mM5UgstHbTCADD6aapVZqgjQAGdia6vvS4VCojO38pLsfh6w dhAaJyPsbAHjg== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Johannes Berg , syzbot+999fac712d84878a7379@syzkaller.appspotmail.com, Sasha Levin , johannes@sipsolutions.net, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, linux-wireless@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 6.1 23/26] wifi: mac80211: check for station first in client probe Date: Fri, 8 Sep 2023 14:18:01 -0400 Message-Id: <20230908181806.3460164-23-sashal@kernel.org> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230908181806.3460164-1-sashal@kernel.org> References: <20230908181806.3460164-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore X-stable-base: Linux 6.1.52 Content-Transfer-Encoding: 8bit From: Johannes Berg [ Upstream commit 67dfa589aa8806c7959cbca2f4613b8d41c75a06 ] When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't even started yet. Since a client existing means the AP is also operating, we can then keep the warning. Also simplify the moved code a bit. Reported-by: syzbot+999fac712d84878a7379@syzkaller.appspotmail.com Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin --- net/mac80211/cfg.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 23a44edcb11f7..cf3453b532d67 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -3991,19 +3991,20 @@ static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev, mutex_lock(&local->mtx); rcu_read_lock(); + sta = sta_info_get_bss(sdata, peer); + if (!sta) { + ret = -ENOLINK; + goto unlock; + } + + qos = sta->sta.wme; + chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf); if (WARN_ON(!chanctx_conf)) { ret = -EINVAL; goto unlock; } band = chanctx_conf->def.chan->band; - sta = sta_info_get_bss(sdata, peer); - if (sta) { - qos = sta->sta.wme; - } else { - ret = -ENOLINK; - goto unlock; - } if (qos) { fc = cpu_to_le16(IEEE80211_FTYPE_DATA | -- 2.40.1