wifi: mac80211: check for station first in client probe

When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't even started yet. Since a client existing means the AP is also operating, we can then keep the warning. Also simplify the moved code a bit. Reported-by: syzbot+999fac712d84878a7379@syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2023-08-15 18:41:32 +0200
committer: Johannes Berg <johannes.berg@intel.com> 2023-08-22 21:40:39 +0200
commit: 67dfa589aa8806c7959cbca2f4613b8d41c75a06 (patch)
tree: 9932c06deb046398b83c5dad7e999ee5b788c36e /net/mac80211/cfg.c
parent: abc76cf552e13cfa88a204b362a86b0e08e95228 (diff)
1 files changed, 8 insertions, 7 deletions
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index e7ac24603892..953f24166ffc 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -4133,19 +4133,20 @@ static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev,
 	mutex_lock(&local->mtx);
 
 	rcu_read_lock();
+	sta = sta_info_get_bss(sdata, peer);
+	if (!sta) {
+		ret = -ENOLINK;
+		goto unlock;
+	}
+
+	qos = sta->sta.wme;
+
 	chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
 	if (WARN_ON(!chanctx_conf)) {
 		ret = -EINVAL;
 		goto unlock;
 	}
 	band = chanctx_conf->def.chan->band;
-	sta = sta_info_get_bss(sdata, peer);
-	if (sta) {
-		qos = sta->sta.wme;
-	} else {
-		ret = -ENOLINK;
-		goto unlock;
-	}
 
 	if (qos) {
 		fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
author	Johannes Berg <johannes.berg@intel.com>	2023-08-15 18:41:32 +0200
committer	Johannes Berg <johannes.berg@intel.com>	2023-08-22 21:40:39 +0200
commit	67dfa589aa8806c7959cbca2f4613b8d41c75a06 (patch)
tree	9932c06deb046398b83c5dad7e999ee5b788c36e /net/mac80211/cfg.c
parent	abc76cf552e13cfa88a204b362a86b0e08e95228 (diff)