wifi: cfg80211: remove BSS pointer from cfg80211_disassoc_request

The race described by the comment in mac80211 hasn't existed since the locking rework to use the same lock and for MLO we need to pass the AP MLD address, so just pass the BSSID or AP MLD address instead of the BSS struct pointer, and adjust all the code accordingly. Signed-off-by: Johannes Berg <johannes.berg@intel.com>

wifi: cfg80211: remove BSS pointer from cfg80211_disassoc_request
The race described by the comment in mac80211 hasn't existed since the locking rework to use the same lock and for MLO we need to pass the AP MLD address, so just pass the BSSID or AP MLD address instead of the BSS struct pointer, and adjust all the code accordingly. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8f6e0dfc · Johannes Berg · 98b0b467 · 8f6e0dfc · 8f6e0dfc · 8f6e0dfc
Commit 8f6e0dfc authored Jun 27, 2022 by Johannes Berg
5 changed files
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -2886,7 +2886,7 @@ struct cfg80211_assoc_request {
 * This structure provides information needed to complete IEEE 802.11
 * deauthentication.
 *
- * @bssid: the BSSID of the BSS to deauthenticate from
+ * @bssid: the BSSID or AP MLD address to deauthenticate from
 * @ie: Extra IEs to add to Deauthentication frame or %NULL
 * @ie_len: Length of ie buffer in octets
 * @reason_code: The reason code for the deauthentication
@@ -2907,7 +2907,7 @@ struct cfg80211_deauth_request {
 * This structure provides information needed to complete IEEE 802.11
 * disassociation.
 *
- * @bss: the BSS to disassociate from
+ * @ap_addr: the BSSID or AP MLD address to disassociate from
 * @ie: Extra IEs to add to Disassociation frame or %NULL
 * @ie_len: Length of ie buffer in octets
 * @reason_code: The reason code for the disassociation
@@ -2915,7 +2915,7 @@ struct cfg80211_deauth_request {
 *	Disassociation frame is to be transmitted.
 */
 struct cfg80211_disassoc_request {
-	struct cfg80211_bss *bss;
+	const u8 *ap_addr;
 	const u8 *ie;
 	size_t ie_len;
 	u16 reason_code;

--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -6426,18 +6426,14 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
 {
 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
-	/*
+	if (!sdata->u.mgd.associated ||
-	 * cfg80211 should catch this ... but it's racy since
+	    memcmp(sdata->vif.cfg.ap_addr, req->ap_addr, ETH_ALEN))
-	 * we can receive a disassoc frame, process it, hand it
+		return -ENOTCONN;
-	 * to cfg80211 while that's in a locked section already
-	 * trying to tell us that the user wants to disconnect.
-	 */
-	if (sdata->deflink.u.mgd.bss != req->bss)
-		return -ENOLINK;
 	sdata_info(sdata,
 		   "disassociating from %pM by local choice (Reason: %u=%s)\n",
-		   req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code));
+		   req->ap_addr, req->reason_code,
+		   ieee80211_get_reason_code_string(req->reason_code));
 	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
 			       req->reason_code, !req->local_state_change,

--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -372,7 +372,7 @@ int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
 			 const u8 *ie, int ie_len, u16 reason,
 			 bool local_state_change);
 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
-			   struct net_device *dev, const u8 *bssid,
+			   struct net_device *dev, const u8 *ap_addr,
 			   const u8 *ie, int ie_len, u16 reason,
 			   bool local_state_change);
 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,

--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -370,7 +370,7 @@ int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
 }
 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
-			   struct net_device *dev, const u8 *bssid,
+			   struct net_device *dev, const u8 *ap_addr,
 			   const u8 *ie, int ie_len, u16 reason,
 			   bool local_state_change)
 {
@@ -380,6 +380,7 @@ int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
 		.local_state_change = local_state_change,
 		.ie = ie,
 		.ie_len = ie_len,
+		.ap_addr = ap_addr,
 	};
 	int err;
@@ -388,10 +389,7 @@ int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
 	if (!wdev->connected)
 		return -ENOTCONN;
-	if (ether_addr_equal(wdev->links[0].client.current_bss->pub.bssid,
+	if (memcmp(wdev->u.client.connected_addr, ap_addr, ETH_ALEN))
-			     bssid))
-		req.bss = &wdev->links[0].client.current_bss->pub;
-	else
 		return -ENOTCONN;
 	err = rdev_disassoc(rdev, dev, &req);

--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
@@ -1318,10 +1318,7 @@ TRACE_EVENT(rdev_disassoc,
 	TP_fast_assign(
 		WIPHY_ASSIGN;
 		NETDEV_ASSIGN;
-		if (req->bss)
+		MAC_ASSIGN(bssid, req->ap_addr);
-			MAC_ASSIGN(bssid, req->bss->bssid);
-		else
-			eth_zero_addr(__entry->bssid);
 		__entry->reason_code = req->reason_code;
 		__entry->local_state_change = req->local_state_change;
 	),