From: Ben Greear This lets mac80211 force the driver to clean up any lingering configuration, fixing use-after-free in case of unrecoverable hardware failure. Signed-off-by: Ben Greear --- drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/net/wireless/intel/iwlwifi/mld/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mld/mac80211.c index badaceb120b3..03810291ed33 100644 --- a/drivers/net/wireless/intel/iwlwifi/mld/mac80211.c +++ b/drivers/net/wireless/intel/iwlwifi/mld/mac80211.c @@ -560,6 +560,18 @@ iwl_mld_restart_cleanup(struct iwl_mld *mld) iwl_mld_ftm_restart_cleanup(mld); } +/* mac80211 thinks our driver/firmware/hardware has crashed + * and cannot be recovered. Force clean any existing configuration + * (stas, etc), as mac80211 will not attempt further cleanup. + */ +static void iwl_mld_mac80211_force_cleanup(struct ieee80211_hw *hw) +{ + struct iwl_mld *mld = IWL_MAC80211_GET_MLD(hw); + + IWL_ERR(mld, "mac80211-force-cleanup called, calling mld_restart_cleanup.\n"); + iwl_mld_restart_cleanup(mld); +} + static int iwl_mld_mac80211_start(struct ieee80211_hw *hw) { @@ -2717,6 +2729,7 @@ const struct ieee80211_ops iwl_mld_hw_ops = { .config = iwl_mld_mac80211_config, .get_antenna = iwl_mld_get_antenna, .set_antenna = iwl_mld_set_antenna, + .force_cleanup = iwl_mld_mac80211_force_cleanup, .add_interface = iwl_mld_mac80211_add_interface, .remove_interface = iwl_mld_mac80211_remove_interface, .conf_tx = iwl_mld_mac80211_conf_tx, -- 2.42.0