wifi: mac80211: check for station first in client probe

[ Upstream commit 67dfa589aa8806c7959cbca2f4613b8d41c75a06 ]

When probing a client, first check if we have it, and then
check for the channel context, otherwise you can trigger
the warning there easily by probing when the AP isn't even
started yet. Since a client existing means the AP is also
operating, we can then keep the warning.

Also simplify the moved code a bit.

Reported-by: syzbot+999fac712d84878a7379@syzkaller.appspotmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 23a44edcb11f76ed47e57d6a065f5b20648bb122..cf3453b532d67cbeff4d61917af80a5c233f33f3 100644 (file)
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -3991,19 +3991,20 @@ static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev,
        mutex_lock(&local->mtx);
 
        rcu_read_lock();
+       sta = sta_info_get_bss(sdata, peer);
+       if (!sta) {
+               ret = -ENOLINK;
+               goto unlock;
+       }
+
+       qos = sta->sta.wme;
+
        chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
        if (WARN_ON(!chanctx_conf)) {
                ret = -EINVAL;
                goto unlock;
        }
        band = chanctx_conf->def.chan->band;
-       sta = sta_info_get_bss(sdata, peer);
-       if (sta) {
-               qos = sta->sta.wme;
-       } else {
-               ret = -ENOLINK;
-               goto unlock;
-       }
 
        if (qos) {
                fc = cpu_to_le16(IEEE80211_FTYPE_DATA |