Commit 321028bc authored by Johannes Berg's avatar Johannes Berg
Browse files

wifi: mac80211: disable softirqs for queued frame handling 



As noticed by syzbot, calling ieee80211_handle_queued_frames()
(and actually handling frames there) requires softirqs to be
disabled, since we call into the RX code. Fix that in the case
of cleaning up frames left over during shutdown.

Fixes: 177c6ae9 ("wifi: mac80211: handle tasklet frames before stopping")
Reported-by: default avatar <syzbot+1d516edf1e74469ba5d3@syzkaller.appspotmail.com>
Link: https://patch.msgid.link/20240626091559.cd6f08105a6e.I74778610a5ff2cf8680964698131099d2960352a@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent d1cba2ea

net/mac80211/main.c

+1 −0
Original line number Diff line number Diff line
@@ -423,6 +423,7 @@ u64 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata) 
	       BSS_CHANGED_ERP_SLOT;

}



/* context: requires softirqs disabled */

void ieee80211_handle_queued_frames(struct ieee80211_local *local)

{

	struct sk_buff *skb;

net/mac80211/util.c

+2 −0
Original line number Diff line number Diff line
@@ -1567,7 +1567,9 @@ u32 ieee80211_sta_get_rates(struct ieee80211_sub_if_data *sdata, 


void ieee80211_stop_device(struct ieee80211_local *local)

{

	local_bh_disable();

	ieee80211_handle_queued_frames(local);

	local_bh_enable();



	ieee80211_led_radio(local, false);

	ieee80211_mod_tpt_led_trig(local, 0, IEEE80211_TPT_LEDTRIG_FL_RADIO);