wifi: mac80211: check for station first in client probe

When probing a client, first check if we have it, and then
check for the channel context, otherwise you can trigger
the warning there easily by probing when the AP isn't even
started yet. Since a client existing means the AP is also
operating, we can then keep the warning.

Also simplify the moved code a bit.

Reported-by: syzbot+999fac712d84878a7379@syzkaller.appspotmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index e7ac2460389250bbaedd0d332ba150e69f2efdef..953f24166ffcf738fa1e940472b904d0f52f7add 100644 (file)
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -4133,19 +4133,20 @@ static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev,
        mutex_lock(&local->mtx);
 
        rcu_read_lock();
+       sta = sta_info_get_bss(sdata, peer);
+       if (!sta) {
+               ret = -ENOLINK;
+               goto unlock;
+       }
+
+       qos = sta->sta.wme;
+
        chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
        if (WARN_ON(!chanctx_conf)) {
                ret = -EINVAL;
                goto unlock;
        }
        band = chanctx_conf->def.chan->band;
-       sta = sta_info_get_bss(sdata, peer);
-       if (sta) {
-               qos = sta->sta.wme;
-       } else {
-               ret = -ENOLINK;
-               goto unlock;
-       }
 
        if (qos) {
                fc = cpu_to_le16(IEEE80211_FTYPE_DATA |