From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Johannes Berg, syzbot+a063bbf0b15737362592@syzkaller.appspotmail.com, Sasha Levin, linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 03/26] mac80211_hwsim: drop pending frames on stop
Date: Mon, 21 Jun 2021 13:53:36 -0400
Message-Id: <20210621175400.735800-3-sashal@kernel.org>

From: Johannes Berg

[ Upstream commit bd18de517923903a177508fc8813f44e717b1c00 ]

Syzbot reports that we may be able to get into a situation where mac80211 has pending ACK frames on shutdown with hwsim. It appears that the reason for this is that syzbot uses the wmediumd hooks to intercept/inject frames, and may shut down hwsim, removing the radio(s), while frames are pending in the air simulation.

Clean out the pending queue when the interface is stopped, after this the frames can't be reported back to mac80211 properly anyway.

Reported-by: syzbot+a063bbf0b15737362592@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20210517170429.b0f85ab0eda1.Ie42a6ec6b940c971f3441286aeaaae2fe368e29a@changeid
Signed-off-by: Johannes Berg
Signed-off-by: Sasha Levin
--- drivers/net/wireless/mac80211_hwsim.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c index c48c68090d76..1033513d3d9d 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -1458,8 +1458,13 @@ static int mac80211_hwsim_start(struct ieee80211_hw *hw) static void mac80211_hwsim_stop(struct ieee80211_hw *hw) { struct mac80211_hwsim_data *data = hw->priv; + data->started = false; hrtimer_cancel(&data->beacon_timer); + + while (!skb_queue_empty(&data->pending)) + ieee80211_free_txskb(hw, skb_dequeue(&data->pending)); + wiphy_dbg(hw->wiphy, "%s\n", __func__); } -- 2.30.2
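Review bot: the drain loop added to mac80211_hwsim_stop() checks skb_queue_empty(&data->pending) and then calls skb_dequeue(&data->pending) as two separate steps, and nothing in the hunk shows what keeps another context (for example the wmediumd path the commit message mentions) from taking the last frame in between. skb_dequeue() returns NULL on an empty queue, so in that window a NULL would be handed to ieee80211_free_txskb(). Dequeuing in the loop condition closes the gap: declare a local `struct sk_buff *skb;` and use `while ((skb = skb_dequeue(&data->pending)))` with `ieee80211_free_txskb(hw, skb);` as the body. It would also help to add a short comment above the loop stating why no new frames can be queued on data->pending once data->started is false and the beacon timer is cancelled, since the drain is only complete if that holds and the enqueue side is not visible here.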