On 7/19/24 12:38 PM, Berg, Benjamin wrote:
So, the simple way to prevent this error is to make sure that
ieee80211_debugfs_recreate_netdev is never called while we have a
station. In the case of this report we seem to be getting there via a
mac address change (i.e. ieee80211_change_mac) and the sane thing would
be to just return -EBUSY instead of permitting the operation to
continue.
Just to check whether I understand this:
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index a3485e4c6132..d5adbe5b3e51 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1173,6 +1173,8 @@ struct ieee80211_sub_if_data {
u16 restart_active_links;
+ u32 sta_count;
+
#ifdef CONFIG_MAC80211_DEBUGFS
struct {
struct dentry *subdir_stations;
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index b4ad66af3af3..d8e6e411d754 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -215,6 +215,9 @@ static int ieee80211_can_powered_addr_change(struct ieee80211_sub_if_data *sdata
if (netif_carrier_ok(sdata->dev))
return -EBUSY;
+ if (sdata->sta_count)
+ return -EBUSY;
+
/* First check no ROC work is happening on this iface */
list_for_each_entry(roc, &local->roc_list, list) {
if (roc->sdata != sdata)
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index aa22f09e6d14..42657afb6d22 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -443,6 +443,7 @@ void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
#endif
sta_info_free_link(&sta->deflink);
+ sta->sdata->sta_count--;
kfree(sta);
}
@@ -691,6 +692,7 @@ __sta_info_alloc(struct ieee80211_sub_if_data *sdata,
sta->cparams.ce_threshold_mask = 0;
sta_dbg(sdata, "Allocated STA %pM\n", sta->sta.addr);
+ sdata->sta_count++;
return sta;
Dmitry
