Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp7872517rdb; Thu, 4 Jan 2024 10:11:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IFzcmhA9vnwFlzuwBbGyaoKCcMEjHtFSKuWcKgLkQr713XOnF9K0Ho5BGSIFxHU9l52cSA7 X-Received: by 2002:a05:6a21:3398:b0:197:5779:4d29 with SMTP id yy24-20020a056a21339800b0019757794d29mr963497pzb.25.1704391874366; Thu, 04 Jan 2024 10:11:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704391874; cv=none; d=google.com; s=arc-20160816; b=iWR73Vy72gbaExFFLpMmD5nSaJqqcR/nWnDteb7ZBg5SCIop5iHEgGuzz1It50X2Fl ne58drHVNeBN4Kp7KIc1M+78fWf+ZO09PTF2Ufi1hgAndX2YiO8lWV84S8KXjTyDsoPX N29lmwWt+CScT0Xt2+I6nXIloRF4CZRZ1JM10ExX7ADCAmd7+zulMu/dUViL9aOxjwSV tBubD//KhU6AaWlNQppAFRWFa0jqDgGm72Dk/5WHcWOIl1iyXlUVcvUn2QDtFQJsrUGm WMmqosEF/mX0A746aF12O3w4zeVYqlYgjYL/ACjdcKmFV9GEPlUTWBZS08bADaCmkZc0 wojQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=UkXFT0lQ9CqNvgq0kd0IOt5EAQwJbg+cdGqdQCoY6I0=; fh=KUmwsLzLkhXVl2jJ4u39Wpqo57xilkMpy8GHdaLYkMM=; b=cyQAFyQoXkkk0YICGDBrZBZI/atdKyDAmZSIEOsEu1tnoantYlz+9zeGVgJZomO+HZ PW2eYuD2Hd4+f5GW0ZULNHRRsnFMxrg6op+MwuNiQ6IchRTi9EdJinbvnxaG3QbhChLC 0tFXaQAPceiqKtmwoWwzE4wTDg8qJEjkpCp/o88NmxXt/kCV+vwl2WoTgcIy9dX2M6qg BXkSloXZge8+5snpaPli8uyWdzWNGrbnxlyP7CFtHzQtUQySTdEzigssVj316JbUvnrp FpXx9OaPuBeAfKQT3cyRcPdeMV3l8ofmbvjkKkW+yP0fWFjju4/Rjd/bfNrXZ1btsWK9 2ntQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=biE7bXtH; spf=pass (google.com: domain of linux-wireless+bounces-1508-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1508-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id fj1-20020a056a003a0100b006dabae16930si2727347pfb.102.2024.01.04.10.11.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jan 2024 10:11:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless+bounces-1508-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=biE7bXtH; spf=pass (google.com: domain of linux-wireless+bounces-1508-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1508-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 7D12E285EEC for ; Thu, 4 Jan 2024 18:11:13 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5D2D328DB6; Thu, 4 Jan 2024 18:11:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=nbd.name header.i=@nbd.name header.b="biE7bXtH" X-Original-To: linux-wireless@vger.kernel.org Received: from nbd.name (nbd.name [46.4.11.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7122828DB1 for ; Thu, 4 Jan 2024 18:11:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nbd.name Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=nbd.name DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbd.name; s=20160729; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject: Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=UkXFT0lQ9CqNvgq0kd0IOt5EAQwJbg+cdGqdQCoY6I0=; b=biE7bXtHXKWM2K8AXz5w3GtqiK ZMaaug26Em0xeeSwCHl8g+fPtfnwzC/6COVGSiKAZ1OCp5sd02OI89jfcWf8XYfeef+wCfx0THwyM ykx4PgvbJzMp5WkX/p+kI9jaqDQeQ+y2RIxPOLHhW8+drh/ze9YpODqcWVluAK8V5CL0=; Received: from p4ff13178.dip0.t-ipconnect.de ([79.241.49.120] helo=localhost.localdomain) by ds12 with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Exim 4.94.2) (envelope-from ) id 1rLSBL-0013NC-MV; Thu, 04 Jan 2024 19:11:03 +0100 From: Felix Fietkau To: linux-wireless@vger.kernel.org Cc: johannes@sipsolutions.net Subject: [PATCH] wifi: mac80211: fix race condition on enabling fast-xmit Date: Thu, 4 Jan 2024 19:10:59 +0100 Message-ID: <20240104181059.84032-1-nbd@nbd.name> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta. Signed-off-by: Felix Fietkau --- net/mac80211/sta_info.c | 1 + net/mac80211/tx.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index bf1adcd96b41..de34aebc6064 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -909,6 +909,7 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU) if (ieee80211_vif_is_mesh(&sdata->vif)) mesh_accept_plinks_update(sdata); + ieee80211_check_fast_xmit(sta); return 0; out_remove: diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 314998fdb1a5..68a48abc7287 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -3048,7 +3048,7 @@ void ieee80211_check_fast_xmit(struct sta_info *sta) sdata->vif.type == NL80211_IFTYPE_STATION) goto out; - if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED)) + if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded) goto out; if (test_sta_flag(sta, WLAN_STA_PS_STA) || -- 2.43.0