WSL2-Linux-Kernel/net/mac80211
Johannes Berg 2af058a26c wifi: mac80211: fix BA session teardown race
[ Upstream commit 05f136220d17839eb7c155f015ace9152f603225 ]

As previously reported by Alexander, whose commit 69403bad97
("wifi: mac80211: sdata can be NULL during AMPDU start") I'm
reverting as part of this commit, there's a race between station
destruction and aggregation setup, where the aggregation setup
can happen while the station is being removed and queue the work
after ieee80211_sta_tear_down_BA_sessions() has already run in
__sta_info_destroy_part1(), and thus the worker will run with a
now freed station. In his case, this manifested in a NULL sdata
pointer, but really there's no guarantee whatsoever.

The real issue seems to be that it's possible at all to have a
situation where this occurs - we want to stop the BA sessions
when doing _part1, but we cannot be sure, and WLAN_STA_BLOCK_BA
isn't necessarily effective since we don't know that the setup
isn't concurrently running and already got past the check.

Simply call ieee80211_sta_tear_down_BA_sessions() again in the
second part of station destruction, since at that point really
nothing else can hold a reference to the station any more.

Also revert the sdata checks since those are just misleading at
this point.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-09-04 13:23:20 +02:00
Kconfig
Makefile
aead_api.c
aead_api.h
aes_ccm.h
aes_cmac.c
aes_cmac.h
aes_gcm.h
aes_gmac.c
aes_gmac.h
agg-rx.c
agg-tx.c wifi: mac80211: fix BA session teardown race 2024-09-04 13:23:20 +02:00
airtime.c
cfg.c wifi: mac80211: check basic rates validity 2024-08-19 05:45:50 +02:00
chan.c
debug.h
debugfs.c
debugfs.h
debugfs_key.c
debugfs_key.h
debugfs_netdev.c
debugfs_netdev.h
debugfs_sta.c
debugfs_sta.h
driver-ops.c wifi: mac80211: fix BA session teardown race 2024-09-04 13:23:20 +02:00
driver-ops.h
ethtool.c
fils_aead.c
fils_aead.h
he.c wifi: mac80211: correctly parse Spatial Reuse Parameter Set element 2024-07-05 09:14:05 +02:00
ht.c
ibss.c
ieee80211_i.h wifi: mac80211: handle tasklet frames before stopping 2024-07-27 10:46:08 +02:00
iface.c
key.c
key.h
led.c
led.h
main.c wifi: mac80211: disable softirqs for queued frame handling 2024-07-27 10:46:15 +02:00
mesh.c wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata 2024-07-27 10:46:08 +02:00
mesh.h
mesh_hwmp.c
mesh_pathtbl.c wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects 2024-07-05 09:14:04 +02:00
mesh_plink.c wifi: mac80211: mesh_plink: fix matches_local logic 2024-01-05 15:13:28 +01:00
mesh_ps.c
mesh_sync.c
michael.c
michael.h
mlme.c wifi: mac80211: adding missing drv_mgd_complete_tx() call 2024-03-01 13:21:47 +01:00
ocb.c
offchannel.c
pm.c
rate.c
rate.h
rc80211_minstrel_ht.c
rc80211_minstrel_ht.h
rc80211_minstrel_ht_debugfs.c
rx.c wifi: mac80211: check S1G action frame size 2023-09-23 11:09:56 +02:00
s1g.c
scan.c wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() 2024-07-27 10:46:08 +02:00
spectmgmt.c
sta_info.c wifi: mac80211: fix BA session teardown race 2024-09-04 13:23:20 +02:00
sta_info.h
status.c
tdls.c
tkip.c
tkip.h
trace.c
trace.h
trace_msg.h
tx.c wifi: mac80211: fix race condition on enabling fast-xmit 2024-03-01 13:21:44 +01:00
util.c wifi: mac80211: disable softirqs for queued frame handling 2024-07-27 10:46:15 +02:00
vht.c
wep.c
wep.h
wme.c
wme.h
wpa.c
wpa.h