From 60bcef6c67edf66ff96367e03aaa70422585ea4a Mon Sep 17 00:00:00 2001 From: Moon Hee Lee Date: Mon, 14 Jul 2025 19:02:10 -0700 Subject: [PATCH] mac80211: reject TDLS operations when station is not associated MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TDLS can be established only after the STA is connected to an AP. If userspace (or fuzzers) issues NL80211_TDLS_* commands before association is complete, internal state such as sdata->u.mgd.tdls_peer remains uninitialised and ieee80211_tdls_oper() raises WARN_ON(). Add an “associated” check in ieee80211_tdls_oper() so the function returns -EINVAL whenever the interface is not both in station mode and already associated. Signed-off-by: Moon Hee Lee --- net/mac80211/tdls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mac80211/tdls.c b/net/mac80211/tdls.c index 94714f8ffd22..ba5fbacbeeda 100644 --- a/net/mac80211/tdls.c +++ b/net/mac80211/tdls.c @@ -1422,7 +1422,7 @@ int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev, if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)) return -EOPNOTSUPP; - if (sdata->vif.type != NL80211_IFTYPE_STATION) + if (sdata->vif.type != NL80211_IFTYPE_STATION || !sdata->vif.cfg.assoc) return -EINVAL; switch (oper) { -- 2.43.0
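Review bot: In ieee80211_tdls_oper(), the new `!sdata->vif.cfg.assoc` test is folded into the interface-type check without a comment, and the commit message does not say which NL80211_TDLS_* operation reaches which WARN_ON() in the `switch (oper)` that follows. Please name the triggering operation and the WARN_ON() in the message, and add a one-line comment above the condition stating that TDLS requires an associated station, so the check is not later mistaken for redundant. The message mentions fuzzers but carries only a Signed-off-by; if this came from a fuzzer report, add the matching Reported-by and a Fixes: tag so the fix can be tracked and backported. The association state is sampled once before the switch, and the hunk does not show what serialises it against a disassociation, so the message should state which lock the caller holds. Wrong interface type and not-yet-associated now both return -EINVAL, which userspace cannot tell apart; if that is deliberate, say so in the message.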