| developer | 36fe709 | 2023-09-27 12:24:47 +0800 | [diff] [blame] | 1 | From: Johannes Berg <johannes.berg@intel.com> |
| 2 | Date: Mon, 13 Mar 2023 11:42:12 +0100 |
| 3 | Subject: [PATCH] wifi: mac80211: flush queues on STA removal |
| 4 | |
| 5 | When we remove a station, we first make it unreachable, |
| 6 | then we (must) remove its keys, and then remove the |
| 7 | station itself. Depending on the hardware design, if |
| 8 | we have hardware crypto at all, frames still sitting |
| 9 | on hardware queues may then be transmitted without a |
| 10 | valid key, possibly unencrypted or with a fixed key. |
| 11 | |
| 12 | Fix this by flushing the queues when removing stations |
| 13 | so this cannot happen. |
| 14 | |
| 15 | Cc: stable@vger.kernel.org |
| 16 | Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| 17 | Reviewed-by: Greenman, Gregory <gregory.greenman@intel.com> |
| 18 | --- |
| 19 | |
| 20 | --- a/net/mac80211/sta_info.c |
| 21 | +++ b/net/mac80211/sta_info.c |
| 22 | @@ -1271,6 +1271,14 @@ static void __sta_info_destroy_part2(str |
| 23 | WARN_ON_ONCE(ret); |
| 24 | } |
| 25 | |
| 26 | + /* Flush queues before removing keys, as that might remove them |
| 27 | + * from hardware, and then depending on the offload method, any |
| 28 | + * frames sitting on hardware queues might be sent out without |
| 29 | + * any encryption at all. |
| 30 | + */ |
| 31 | + if (local->ops->set_key) |
| 32 | + ieee80211_flush_queues(local, sta->sdata, false); |
| 33 | + |
| 34 | /* now keys can no longer be reached */ |
| 35 | ieee80211_free_sta_keys(local, sta); |
| 36 | |