wifi: mac80211: reject address change while connecting

commit a9da90e618cd0669a22bcc06a96209db5dd96e9b upstream.

While connecting, the MAC address can already no longer be
changed. The change is already rejected if netif_carrier_ok(),
but of course that's not true yet while connecting. Check for
auth_data or assoc_data, so the MAC address cannot be changed.

Also more comprehensively check that there are no stations on
the interface being changed - if any peer station is added it
will know about our address already, so we cannot change it.

Cc: stable@vger.kernel.org
Fixes: 3c06e91b40db ("wifi: mac80211: Support POWERED_ADDR_CHANGE feature")
Link: https://patch.msgid.link/20251105154119.f9f6c1df81bb.I9bb3760ede650fb96588be0d09a5a7bdec21b217@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 69a8a2c21d8df86a3081581e8cf39981f3568b49..50108fdb9361de3cc7c4e6986945a64ebe945306 100644 (file)
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -224,6 +224,10 @@ static int ieee80211_can_powered_addr_change(struct ieee80211_sub_if_data *sdata
        if (netif_carrier_ok(sdata->dev))
                return -EBUSY;
 
+       /* if any stations are set known (so they know this vif too), reject */
+       if (sta_info_get_by_idx(sdata, 0))
+               return -EBUSY;
+
        /* First check no ROC work is happening on this iface */
        list_for_each_entry(roc, &local->roc_list, list) {
                if (roc->sdata != sdata)
@@ -243,12 +247,16 @@ static int ieee80211_can_powered_addr_change(struct ieee80211_sub_if_data *sdata
                        ret = -EBUSY;
        }
 
+       /*
+        * More interface types could be added here but changing the
+        * address while powered makes the most sense in client modes.
+        */
        switch (sdata->vif.type) {
        case NL80211_IFTYPE_STATION:
        case NL80211_IFTYPE_P2P_CLIENT:
-               /* More interface types could be added here but changing the
-                * address while powered makes the most sense in client modes.
-                */
+               /* refuse while connecting */
+               if (sdata->u.mgd.auth_data || sdata->u.mgd.assoc_data)
+                       return -EBUSY;
                break;
        default:
                ret = -EOPNOTSUPP;