From: Johannes Berg <johannes.berg@xxxxxxxxx>
commit 321028bc45f01edb9e57b0ae5c11c5c3600d00ca upstream.
As noticed by syzbot, calling ieee80211_handle_queued_frames() (and actually handling frames there) requires softirqs to be disabled, since we call into the RX code. Fix that in the case of cleaning up frames left over during shutdown.
Fixes: 177c6ae9725d ("wifi: mac80211: handle tasklet frames before stopping")
Reported-by: syzbot+1d516edf1e74469ba5d3@xxxxxxxxxxxxxxxxxxxxxxxxx
Link: https://patch.msgid.link/20240626091559.cd6f08105a6e.I74778610a5ff2cf8680964698131099d2960352a@changeid
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/mac80211/main.c | 1 +
 net/mac80211/util.c | 2 ++
 2 files changed, 3 insertions(+)
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -423,6 +423,7 @@ u64 ieee80211_reset_erp_info(struct ieee
 BSS_CHANGED_ERP_SLOT;
 }
+/* context: requires softirqs disabled */
 void ieee80211_handle_queued_frames(struct ieee80211_local *local)
 {
 struct sk_buff *skb;
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1567,7 +1567,9 @@ u32 ieee80211_sta_get_rates(struct ieee8
 void ieee80211_stop_device(struct ieee80211_local *local)
 {
+ local_bh_disable();
 ieee80211_handle_queued_frames(local);
+ local_bh_enable();
 ieee80211_led_radio(local, false);
 ieee80211_mod_tpt_led_trig(local, 0, IEEE80211_TPT_LEDTRIG_FL_RADIO);
Patches currently in stable-queue which might be from johannes.berg@xxxxxxxxx are queue-6.9/wifi-cfg80211-fix-6-ghz-scan-request-building.patch queue-6.9/wifi-iwlwifi-mvm-remove-stale-sta-link-data-during-r.patch queue-6.9/wifi-iwlwifi-mvm-d3-fix-wowlan-command-version-looku.patch queue-6.9/wifi-mac80211-handle-tasklet-frames-before-stopping.patch queue-6.9/wifi-iwlwifi-mvm-handle-bigtk-cipher-in-kek_kck-cmd.patch queue-6.9/wifi-iwlwifi-mvm-fix-scan-abort-handling-with-hw-rfk.patch queue-6.9/wifi-mac80211-fix-ubsan-noise-in-ieee80211_prep_hw_s.patch queue-6.9/wifi-iwlwifi-mvm-don-t-wake-up-rx_sync_waitq-upon-rfkill.patch queue-6.9/wifi-cfg80211-wext-set-ssids-null-for-passive-scans.patch queue-6.9/wifi-mac80211-mesh-init-nonpeer_pm-to-active-by-defa.patch queue-6.9/wifi-iwlwifi-properly-set-wiphy_flag_supports_ext_ke.patch queue-6.9/wifi-iwlwifi-mvm-handle-ba-session-teardown-in-rf-ki.patch queue-6.9/wifi-mac80211-apply-mcast-rate-only-if-interface-is-.patch queue-6.9/wifi-mac80211-disable-softirqs-for-queued-frame-handling.patch queue-6.9/wifi-cfg80211-wext-add-extra-siocsiwscan-data-check.patch queue-6.9/wifi-iwlwifi-mvm-properly-set-6-ghz-channel-direct-p.patch queue-6.9/wifi-mac80211-avoid-address-calculations-via-out-of-.patch
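Review bot: The softirq requirement of ieee80211_handle_queued_frames() is still enforced only by the comment added in net/mac80211/main.c. The `local_bh_disable()`/`local_bh_enable()` pair in ieee80211_stop_device() fixes this one caller, but nothing stops a later process-context caller from reintroducing the context bug that syzbot had to find. I would back the comment with an assertion as the first statement of ieee80211_handle_queued_frames(), for example `lockdep_assert_in_softirq();`, after confirming that it accepts both the existing softirq caller and a BH-disabled process context on the configurations this tree supports. A one-line comment above the new bracket, such as `/* RX handling below expects softirqs off */`, would also keep the pair from being dropped as redundant in a later cleanup. Both function bodies continue outside the hunks shown.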