diff options
| author | Felix Fietkau <nbd@nbd.name> | 2023-03-24 13:32:36 +0100 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2023-04-02 20:48:17 +0200 |
| commit | 6035401f46461bcbe4f0a78d6a751f9ae09557ae (patch) | |
| tree | 7c1fe942caf7af674efd51a059d04f7a11c74fa4 | |
| parent | fc1750b305a991c7b263ea79ad921cb8952d8703 (diff) | |
| download | upstream-6035401f46461bcbe4f0a78d6a751f9ae09557ae.tar.gz upstream-6035401f46461bcbe4f0a78d6a751f9ae09557ae.tar.bz2 upstream-6035401f46461bcbe4f0a78d6a751f9ae09557ae.zip | |
mac80211: fix invalid calls to drv_sta_pre_rcu_remove
Potentially fixes some driver data structure corruption issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9779ee021d30508eb9e7ebf1ec0a28a4be3c4c19)
[Change patch number]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
| -rw-r--r-- | package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch b/package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch new file mode 100644 index 0000000000..01a6c51065 --- /dev/null +++ b/package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch @@ -0,0 +1,25 @@ +From: Felix Fietkau <nbd@nbd.name> +Date: Fri, 24 Mar 2023 13:04:17 +0100 +Subject: [PATCH] wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for + non-uploaded sta + +Avoid potential data corruption issues caused by uninitialized driver +private data structures. + +Reported-by: Brian Coverstone <brian@mainsequence.net> +Fixes: 6a9d1b91f34d ("mac80211: add pre-RCU-sync sta removal driver operation") +Signed-off-by: Felix Fietkau <nbd@nbd.name> +--- + +--- a/net/mac80211/sta_info.c ++++ b/net/mac80211/sta_info.c +@@ -1041,7 +1041,8 @@ static int __must_check __sta_info_destr + list_del_rcu(&sta->list); + sta->removed = true; + +- drv_sta_pre_rcu_remove(local, sta->sdata, sta); ++ if (sta->uploaded) ++ drv_sta_pre_rcu_remove(local, sta->sdata, sta); + + if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN && + rcu_access_pointer(sdata->u.vlan.sta) == sta) |