wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta

[ Upstream commit 12b220a6171faf10638ab683a975cadcf1a352d6 ] Avoid potential data corruption issues caused by uninitialized driver private data structures. Reported-by: Brian Coverstone <brian@mainsequence.net> Fixes: 6a9d1b91f34d ("mac80211: add pre-RCU-sync sta removal driver operation") Signed-off-by: Felix Fietkau <nbd@nbd.name> Link: https://lore.kernel.org/r/20230324120924.38412-3-nbd@nbd.name Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Felix Fietkau <nbd@nbd.name> 2023-03-24 15:09:24 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-04-13 17:55:19 +0300
commit: 022c8320d9eb7394538bd716fa1a07a5ed92621b (patch)
tree: cb832cbc86241040efb8128a5e7f1ba646c02be2
parent: c46239e6295cd8719f773abd804ea987496beb0e (diff)
download: linux-022c8320d9eb7394538bd716fa1a07a5ed92621b.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 3603cbc16757..30efa26f977f 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -1242,7 +1242,8 @@ static int __must_check __sta_info_destroy_part1(struct sta_info *sta)
 	list_del_rcu(&sta->list);
 	sta->removed = true;
 
-	drv_sta_pre_rcu_remove(local, sta->sdata, sta);
+	if (sta->uploaded)
+		drv_sta_pre_rcu_remove(local, sta->sdata, sta);
 
 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
 	    rcu_access_pointer(sdata->u.vlan.sta) == sta)
author	Felix Fietkau <nbd@nbd.name>	2023-03-24 15:09:24 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-04-13 17:55:19 +0300
commit	022c8320d9eb7394538bd716fa1a07a5ed92621b (patch)
tree	cb832cbc86241040efb8128a5e7f1ba646c02be2
parent	c46239e6295cd8719f773abd804ea987496beb0e (diff)
download	linux-022c8320d9eb7394538bd716fa1a07a5ed92621b.tar.xz