[PATCH AUTOSEL 6.18-5.10] wifi: mac80211: collect station statistics earlier when disconnect

[Sasha Levin <sashal@kernel.org>]

From: Baochen Qiang <baochen.qiang@oss.qualcomm.com>

[ Upstream commit a203dbeeca15a9b924f0d51f510921f4bae96801 ]

In __sta_info_destroy_part2(), station statistics are requested after the
IEEE80211_STA_NONE -> IEEE80211_STA_NOTEXIST transition. This is
problematic because the driver may be unable to handle the request due to
the STA being in the NOTEXIST state (i.e. if the driver destroys the
underlying data when transitioning to NOTEXIST).

Move the statistics collection to before the state transition to avoid
this issue.

Signed-off-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
Link: https://patch.msgid.link/20251222-mac80211-move-station-stats-collection-earlier-v1-1-12cd4e42c633@oss.qualcomm.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

LLM Generated explanations, may be completely bogus:

## Analysis of wifi: mac80211: collect station statistics earlier when
disconnect

### 1. COMMIT MESSAGE ANALYSIS

The commit message clearly identifies a **bug fix** for an ordering
problem:
- In `__sta_info_destroy_part2()`, station statistics are collected
  **after** the STA transitions to `IEEE80211_STA_NOTEXIST`
- This is problematic because drivers may have already destroyed the
  underlying data structures when entering NOTEXIST state
- The fix moves statistics collection to **before** the NOTEXIST
  transition

Key indicators:
- "problematic" - acknowledges a real issue
- Clear explanation of the root cause (ordering)
- Author is from Qualcomm (driver vendor likely experiencing this issue)
- Signed off by Johannes Berg (mac80211 maintainer) - strong positive
  signal

### 2. CODE CHANGE ANALYSIS

**The actual change is minimal - just moving 3 lines of code:**

```c
// MOVED FROM AFTER drv_sta_state() TO BEFORE IT:
sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
if (sinfo)
    sta_set_sinfo(sta, sinfo, true);
```

**Before the fix (buggy order):**
1. Transition STA to NONE state
2. Call `drv_sta_state()` to transition NONE→NOTEXIST (driver may
   destroy internal STA data here)
3. Try to collect statistics via `sta_set_sinfo()` → **FAILS if driver
   destroyed data**
4. Report statistics to cfg80211

**After the fix (correct order):**
1. Transition STA to NONE state
2. Collect statistics via `sta_set_sinfo()` → **STA data still valid**
3. Call `drv_sta_state()` to transition NONE→NOTEXIST
4. Report statistics to cfg80211

The `cfg80211_del_sta_sinfo()` call remains in the same relative
position (after statistics collection and after transition), so the
interface to cfg80211 is preserved.

### 3. CLASSIFICATION

- **Type:** Bug fix (ordering/race condition fix)
- **Subsystem:** WiFi mac80211 (core wireless stack)
- **Not a feature addition:** No new functionality, just correcting
  execution order

### 4. SCOPE AND RISK ASSESSMENT

**Scope:**
- 1 file changed
- Net 0 lines added (pure code movement)
- Single function affected: `__sta_info_destroy_part2()`

**Risk: VERY LOW**
- The same operations are performed, just in different order
- `sta_set_sinfo()` reads statistics - no side effects that would affect
  the subsequent NOTEXIST transition
- The `sinfo` pointer is still passed to `cfg80211_del_sta_sinfo()`
  correctly
- No logic changes, no new error paths

### 5. USER IMPACT

**Who is affected:**
- All WiFi users during disconnection events
- Disconnection is a common operation (switching networks, leaving WiFi
  range, suspending laptop, etc.)

**Severity:**
- Without fix: Statistics may be missing, incorrect, or in worst case
  cause driver errors/crashes depending on how drivers handle requests
  when STA data is already destroyed
- Qualcomm drivers (ath11k/ath12k) are likely affected based on author
  affiliation

### 6. STABILITY INDICATORS

- **Reviewed/signed by mac80211 maintainer** (Johannes Berg) - major
  positive signal
- Simple, self-contained fix with clear rationale
- The fix addresses a specific defect in existing code

### 7. DEPENDENCY CHECK

- **No dependencies:** This is a standalone fix
- The affected function `__sta_info_destroy_part2()` exists in all
  recent stable kernels
- No prerequisite commits needed

### Summary

| Criterion | Assessment |
|-----------|------------|
| Fixes real bug | ✅ Yes - ordering causes driver failures |
| Obviously correct | ✅ Yes - simple code movement |
| Small and contained | ✅ Yes - 3 lines moved, 1 function |
| No new features | ✅ Yes - just reordering |
| Risk level | ✅ Very low |
| Maintainer review | ✅ Johannes Berg (mac80211 maintainer) |

This commit fixes a real bug affecting WiFi station disconnection. The
fix is surgical (moving 3 lines of code earlier), has zero risk of
introducing regressions since it's pure code reordering with no
functional changes, and has been reviewed by the mac80211 maintainer.
The bug affects all WiFi users during disconnection events, which is a
very common operation.

**YES**

 net/mac80211/sta_info.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index f4d3b67fda062..1a995bc301b19 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -1533,6 +1533,10 @@ static void __sta_info_destroy_part2(struct sta_info *sta, bool recalc)
 		}
 	}
 
+	sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
+	if (sinfo)
+		sta_set_sinfo(sta, sinfo, true);
+
 	if (sta->uploaded) {
 		ret = drv_sta_state(local, sdata, sta, IEEE80211_STA_NONE,
 				    IEEE80211_STA_NOTEXIST);
@@ -1541,9 +1545,6 @@ static void __sta_info_destroy_part2(struct sta_info *sta, bool recalc)
 
 	sta_dbg(sdata, "Removed STA %pM\n", sta->sta.addr);
 
-	sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
-	if (sinfo)
-		sta_set_sinfo(sta, sinfo, true);
 	cfg80211_del_sta_sinfo(sdata->dev, sta->sta.addr, sinfo, GFP_KERNEL);
 	kfree(sinfo);
 
-- 
2.51.0