This is a note to let you know that I've just added the patch titled

    wifi: mac80211: do not pass AP_VLAN vif pointer to drivers during flush

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    wifi-mac80211-do-not-pass-ap_vlan-vif-pointer-to-dri.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

commit 68d40693d1b78efe26becf7f8c3d8b9f6f79b7b1
Author: Oldřich Jedlička <oldium.pro@xxxxxxxxx>
Date:   Sat Nov 4 15:13:33 2023 +0100

    wifi: mac80211: do not pass AP_VLAN vif pointer to drivers during flush

    [ Upstream commit 3e3a2b645c043f7e3e488d5011478cefb69bbe8b ]

    This fixes WARN_ONs when using AP_VLANs after station removal. The flush
    call passed AP_VLAN vif to driver, but because these vifs are virtual and
    not registered with drivers, we need to translate to the correct AP vif
    first.

    Closes: https://github.com/openwrt/openwrt/issues/12420
    Fixes: 0b75a1b1e42e ("wifi: mac80211: flush queues on STA removal")
    Fixes: d00800a289c9 ("wifi: mac80211: add flush_sta method")
    Tested-by: Konstantin Demin <rockdrilla@xxxxxxxxx>
    Tested-by: Koen Vandeputte <koen.vandeputte@xxxxxxxxxxxx>
    Signed-off-by: Oldřich Jedlička <oldium.pro@xxxxxxxxx>
    Link: https://lore.kernel.org/r/20231104141333.3710-1-oldium.pro@xxxxxxxxx
    Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h index c4505593ba7a6..2bc2fbe58f944 100644 --- a/net/mac80211/driver-ops.h +++ b/net/mac80211/driver-ops.h
@@ -23,7 +23,7 @@ static inline struct ieee80211_sub_if_data * get_bss_sdata(struct ieee80211_sub_if_data *sdata) { - if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) + if (sdata && sdata->vif.type == NL80211_IFTYPE_AP_VLAN) sdata = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap); @@ -638,10 +638,13 @@ static inline void drv_flush(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata, u32 queues, bool drop) { - struct ieee80211_vif *vif = sdata ? &sdata->vif : NULL; + struct ieee80211_vif *vif; might_sleep(); + sdata = get_bss_sdata(sdata); + vif = sdata ? &sdata->vif : NULL; + if (sdata && !check_sdata_in_driver(sdata)) return; @@ -657,6 +660,8 @@ static inline void drv_flush_sta(struct ieee80211_local *local, { might_sleep(); + sdata = get_bss_sdata(sdata); + if (sdata && !check_sdata_in_driver(sdata)) return;
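Review bot: in get_bss_sdata(), the new `sdata &&` guard covers a NULL sdata, but the AP_VLAN branch still feeds sdata->bss to container_of() without checking it. If bss could be unset when a flush arrives, container_of() yields a bogus non-NULL pointer, and the `sdata && !check_sdata_in_driver(sdata)` test in drv_flush() would then dereference it instead of bailing out. Either add a comment stating that bss is always valid for an AP_VLAN that reaches this helper, or return NULL when it is not.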
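Review bot: in drv_flush(), `sdata = get_bss_sdata(sdata);` overwrites the function parameter, so every statement after the visible context silently operates on the parent AP's sdata rather than the AP_VLAN one the caller passed. A one-line comment at the assignment saying that AP_VLAN vifs are not registered with drivers and must be mapped to their AP vif would carry the commit message's reasoning into the code; a separate local for the translated pointer would also keep the caller's value available if anything later needs it.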
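Review bot: in drv_flush_sta(), the translation is placed before check_sdata_in_driver() as in drv_flush(), but the visible lines do not show where the vif handed to the driver is taken from. Worth confirming that it is derived from sdata after the `sdata = get_bss_sdata(sdata);` line, so that both flush paths pass the AP vif and not the AP_VLAN one; unlike drv_flush(), no local vif assignment appears in this hunk to make that evident.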