| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Feb 2024 13:41:16 -0500 From: Sasha Levin <sashal@...nel.org> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org Cc: Felix Fietkau <nbd@....name>, Johannes Berg <johannes.berg@...el.com>, Sasha Levin <sashal@...nel.org>, johannes@...solutions.net, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, linux-wireless@...r.kernel.org, netdev@...r.kernel.org Subject: [PATCH AUTOSEL 5.15 02/11] wifi: mac80211: fix race condition on enabling fast-xmit From: Felix Fietkau <nbd@....name> [ Upstream commit bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f ] fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta. Signed-off-by: Felix Fietkau <nbd@....name> Link: https://msgid.link/20240104181059.84032-1-nbd@nbd.name Signed-off-by: Johannes Berg <johannes.berg@...el.com> Signed-off-by: Sasha Levin <sashal@...nel.org> --- net/mac80211/sta_info.c | 2 ++ net/mac80211/tx.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index e10bcfa20526..f4deee1926e5 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -696,6 +696,8 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU) if (ieee80211_vif_is_mesh(&sdata->vif)) mesh_accept_plinks_update(sdata); + ieee80211_check_fast_xmit(sta); + return 0; out_remove: sta_info_hash_del(local, sta); diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index d5c89c6758f2..2ea0cdc1b506 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -2965,7 +2965,7 @@ void ieee80211_check_fast_xmit(struct sta_info *sta) sdata->vif.type == NL80211_IFTYPE_STATION) goto out; - if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED)) + if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded) goto out; if (test_sta_flag(sta, WLAN_STA_PS_STA) || -- 2.43.0
Powered by blists - more mailing lists