wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state

We first want to flush the station to make sure we no longer have any
frames being Tx by the station before the station is moved to
un-authorized state. Failing to do that will lead to races: a frame may
be sent after the station's state has been changed.

Since the API clearly states that the driver can't fail the sta_state()
transition down the list of state, we can easily flush the station
first, and only then call the driver's sta_state().

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20250306123626.450bc40e8b04.I636ba96843c77f13309c15c9fd6eb0c5a52a7976@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index f83268fa9f928ec468c0d4510d088ed9ea56b400..caa3d0236b5ecfffc86e09a461845d8f03dd7407 100644 (file)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -4,7 +4,7 @@
  * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
  * Copyright 2013-2014  Intel Mobile Communications GmbH
  * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
- * Copyright (C) 2018-2023 Intel Corporation
+ * Copyright (C) 2018-2024 Intel Corporation
  */
 
 #include <linux/module.h>
@@ -1335,9 +1335,13 @@ static int _sta_info_move_state(struct sta_info *sta,
                sta->sta.addr, new_state);
 
        /* notify the driver before the actual changes so it can
-        * fail the transition
+        * fail the transition if the state is increasing.
+        * The driver is required not to fail when the transition
+        * is decreasing the state, so first, do all the preparation
+        * work and only then, notify the driver.
         */
-       if (test_sta_flag(sta, WLAN_STA_INSERTED)) {
+       if (new_state > sta->sta_state &&
+           test_sta_flag(sta, WLAN_STA_INSERTED)) {
                int err = drv_sta_state(sta->local, sta->sdata, sta,
                                        sta->sta_state, new_state);
                if (err)
@@ -1413,6 +1417,16 @@ static int _sta_info_move_state(struct sta_info *sta,
                break;
        }
 
+       if (new_state < sta->sta_state &&
+           test_sta_flag(sta, WLAN_STA_INSERTED)) {
+               int err = drv_sta_state(sta->local, sta->sdata, sta,
+                                       sta->sta_state, new_state);
+
+               WARN_ONCE(err,
+                         "Driver is not allowed to fail if the sta_state is transitioning down the list: %d\n",
+                         err);
+       }
+
        sta->sta_state = new_state;
 
        return 0;