| From: Johannes Berg <johannes.berg@intel.com> |
| Date: Mon, 13 Mar 2023 11:42:12 +0100 |
| Subject: [PATCH] wifi: mac80211: flush queues on STA removal |
| |
| When we remove a station, we first make it unreachable, |
| then we (must) remove its keys, and then remove the |
| station itself. Depending on the hardware design, if |
| we have hardware crypto at all, frames still sitting |
| on hardware queues may then be transmitted without a |
| valid key, possibly unencrypted or with a fixed key. |
| |
| Fix this by flushing the queues when removing stations |
| so this cannot happen. |
| |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| Reviewed-by: Greenman, Gregory <gregory.greenman@intel.com> |
| --- |
| |
| --- a/net/mac80211/sta_info.c |
| +++ b/net/mac80211/sta_info.c |
| @@ -1070,6 +1070,14 @@ static void __sta_info_destroy_part2(str |
| WARN_ON_ONCE(ret); |
| } |
| |
| + /* Flush queues before removing keys, as that might remove them |
| + * from hardware, and then depending on the offload method, any |
| + * frames sitting on hardware queues might be sent out without |
| + * any encryption at all. |
| + */ |
| + if (local->ops->set_key) |
| + ieee80211_flush_queues(local, sta->sdata, false); |
| + |
| /* now keys can no longer be reached */ |
| ieee80211_free_sta_keys(local, sta); |
| |