wifi: mac80211: flush queues on STA removal

When we remove a station, we first make it unreachable, then we (must) remove its keys, and then remove the station itself. Depending on the hardware design, if we have hardware crypto at all, frames still sitting on hardware queues may then be transmitted without a valid key, possibly unencrypted or with a fixed key. Fix this by flushing the queues when removing stations so this cannot happen. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2023-03-31 16:59:16 +0200
committer: Johannes Berg <johannes.berg@intel.com> 2023-04-13 16:32:22 +0200
commit: 0b75a1b1e42e07ae84e3a11d2368b418546e2bec (patch)
tree: 79791df82ca12044876e91a946291170bce2490e /net/mac80211
parent: 2c9abe653bc5134eeab411c46dde008d8a1c37b0 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 941bda9141fa..ce7c3b997269 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -1294,6 +1294,14 @@ static void __sta_info_destroy_part2(struct sta_info *sta)
 		WARN_ON_ONCE(ret);
 	}
 
+	/* Flush queues before removing keys, as that might remove them
+	 * from hardware, and then depending on the offload method, any
+	 * frames sitting on hardware queues might be sent out without
+	 * any encryption at all.
+	 */
+	if (local->ops->set_key)
+		ieee80211_flush_queues(local, sta->sdata, false);
+
 	/* now keys can no longer be reached */
 	ieee80211_free_sta_keys(local, sta);
author	Johannes Berg <johannes.berg@intel.com>	2023-03-31 16:59:16 +0200
committer	Johannes Berg <johannes.berg@intel.com>	2023-04-13 16:32:22 +0200
commit	0b75a1b1e42e07ae84e3a11d2368b418546e2bec (patch)
tree	79791df82ca12044876e91a946291170bce2490e /net/mac80211
parent	2c9abe653bc5134eeab411c46dde008d8a1c37b0 (diff)