[6/8] wifi: mac80211: fix potential sta-link leak

Message ID	20240111181514.6573998beaf8.I09ac2e1d41c80f82a5a616b8bd1d9d8dd709a6a6@changeid (mailing list archive)
State	Accepted
Delegated to:	Johannes Berg
Headers	show Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A42E55C2A for <linux-wireless@vger.kernel.org>; Thu, 11 Jan 2024 16:18:41 +0000 (UTC) From: Miri Korenblit <miriam.rachel.korenblit@intel.com> To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Johannes Berg <johannes.berg@intel.com>, Ilan Peer <ilan.peer@intel.com> Subject: [PATCH 6/8] wifi: mac80211: fix potential sta-link leak Date: Thu, 11 Jan 2024 18:17:44 +0200 Message-Id: <20240111181514.6573998beaf8.I09ac2e1d41c80f82a5a616b8bd1d9d8dd709a6a6@changeid> In-Reply-To: <20240111161746.3978601-1-miriam.rachel.korenblit@intel.com> References: <20240111161746.3978601-1-miriam.rachel.korenblit@intel.com> Precedence: bulk MIME-Version: 1.0 Organization: Intel Israel (74) Limited Content-Transfer-Encoding: 8bit
Series	cfg80211/mac80211 patches from our internal tree 2024-01-11 \| expand [0/8] cfg80211/mac80211 patches from our internal tree 2024-01-11 [1/8] wifi: mac80211_hwsim: advertise 15 simultaneous links [2/8] wifi: mac80211: simplify ieee80211_config_bw() prototype [3/8] wifi: mac80211: remove extra element parsing [4/8] wifi: mac80211: simplify HE capability access [5/8] wifi: mac80211: disallow drivers with HT wider than HE [6/8] wifi: mac80211: fix potential sta-link leak [7/8] wifi: mac80211: don't set bss_conf in parsing [8/8] wifi: mac80211: use deflink and fix typo in link ID check

Message ID

20240111181514.6573998beaf8.I09ac2e1d41c80f82a5a616b8bd1d9d8dd709a6a6@changeid (mailing list archive)

State

Accepted

Delegated to:

Johannes Berg

Headers

From: Miri Korenblit <miriam.rachel.korenblit@intel.com>
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org,
	Johannes Berg <johannes.berg@intel.com>,
	Ilan Peer <ilan.peer@intel.com>
Subject: [PATCH 6/8] wifi: mac80211: fix potential sta-link leak
Date: Thu, 11 Jan 2024 18:17:44 +0200
Message-Id: 
 <20240111181514.6573998beaf8.I09ac2e1d41c80f82a5a616b8bd1d9d8dd709a6a6@changeid>
In-Reply-To: <20240111161746.3978601-1-miriam.rachel.korenblit@intel.com>
References: <20240111161746.3978601-1-miriam.rachel.korenblit@intel.com>
Precedence: bulk
MIME-Version: 1.0
Organization: Intel Israel (74) Limited
Content-Transfer-Encoding: 8bit

Series

cfg80211/mac80211 patches from our internal tree 2024-01-11 | expand

Commit Message

Miri Korenblit Jan. 11, 2024, 4:17 p.m. UTC

From: Johannes Berg <johannes.berg@intel.com>

When a station is allocated, links are added but not
set to valid yet (e.g. during connection to an AP MLD),
we might remove the station without ever marking links
valid, and leak them. Fix that.

Fixes: cb71f1d136a6 ("wifi: mac80211: add sta link addition/removal")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
 net/mac80211/sta_info.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index bf1adcd96b41..92a7ba7c9c9d 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -404,7 +404,10 @@  void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
 	int i;
 
 	for (i = 0; i < ARRAY_SIZE(sta->link); i++) {
-		if (!(sta->sta.valid_links & BIT(i)))
+		struct link_sta_info *link_sta;
+
+		link_sta = rcu_access_pointer(sta->link[i]);
+		if (!link_sta)
 			continue;
 
 		sta_remove_link(sta, i, false);

[6/8] wifi: mac80211: fix potential sta-link leak

Commit Message

Patch