From eec86aba82585eb1ac4b18f8ee82f7ba389d6cbc Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 23 Jul 2024 20:03:43 +0200
Subject: [PATCH] 5.15-stable patches

added patches:
	wifi-mac80211-disable-softirqs-for-queued-frame-handling.patch
---
 queue-5.15/series                             |  1 +
 ...e-softirqs-for-queued-frame-handling.patch | 46 +++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 queue-5.15/wifi-mac80211-disable-softirqs-for-queued-frame-handling.patch

diff --git a/queue-5.15/series b/queue-5.15/series
index 80c2e65e837..67b83e6e6e2 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -69,3 +69,4 @@ minmax-allow-min-max-clamp-if-the-arguments-have-the-same-signedness.patch
 minmax-allow-comparisons-of-int-against-unsigned-char-short.patch
 minmax-relax-check-to-allow-comparison-between-unsigned-arguments-and-signed-constants.patch
 mm-damon-core-merge-regions-aggressively-when-max_nr_regions-is-unmet.patch
+wifi-mac80211-disable-softirqs-for-queued-frame-handling.patch
diff --git a/queue-5.15/wifi-mac80211-disable-softirqs-for-queued-frame-handling.patch b/queue-5.15/wifi-mac80211-disable-softirqs-for-queued-frame-handling.patch
new file mode 100644
index 00000000000..28e5d313e25
--- /dev/null
+++ b/queue-5.15/wifi-mac80211-disable-softirqs-for-queued-frame-handling.patch
@@ -0,0 +1,46 @@
+From 321028bc45f01edb9e57b0ae5c11c5c3600d00ca Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Wed, 26 Jun 2024 09:15:59 +0200
+Subject: wifi: mac80211: disable softirqs for queued frame handling
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit 321028bc45f01edb9e57b0ae5c11c5c3600d00ca upstream.
+
+As noticed by syzbot, calling ieee80211_handle_queued_frames()
+(and actually handling frames there) requires softirqs to be
+disabled, since we call into the RX code. Fix that in the case
+of cleaning up frames left over during shutdown.
+
+Fixes: 177c6ae9725d ("wifi: mac80211: handle tasklet frames before stopping")
+Reported-by: syzbot+1d516edf1e74469ba5d3@syzkaller.appspotmail.com
+Link: https://patch.msgid.link/20240626091559.cd6f08105a6e.I74778610a5ff2cf8680964698131099d2960352a@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mac80211/main.c |    1 +
+ net/mac80211/util.c |    2 ++
+ 2 files changed, 3 insertions(+)
+
+--- a/net/mac80211/main.c
++++ b/net/mac80211/main.c
+@@ -220,6 +220,7 @@ u32 ieee80211_reset_erp_info(struct ieee
+ 	       BSS_CHANGED_ERP_SLOT;
+ }
+ 
++/* context: requires softirqs disabled */
+ void ieee80211_handle_queued_frames(struct ieee80211_local *local)
+ {
+ 	struct sk_buff *skb;
+--- a/net/mac80211/util.c
++++ b/net/mac80211/util.c
+@@ -2146,7 +2146,9 @@ u32 ieee80211_sta_get_rates(struct ieee8
+ 
+ void ieee80211_stop_device(struct ieee80211_local *local)
+ {
++	local_bh_disable();
+ 	ieee80211_handle_queued_frames(local);
++	local_bh_enable();
+ 
+ 	ieee80211_led_radio(local, false);
+ 	ieee80211_mod_tpt_led_trig(local, 0, IEEE80211_TPT_LEDTRIG_FL_RADIO);
-- 
2.47.3