Ignore ADDBA requests if we are not ready to receive data frames.

This prevents potential firmware errors in Intel wifi drivers when APs
send an ADDBA request before the driver's state machine has settled
into RUN state.
The driver's addba task would race the driver's newstate task, and the
hardware would see an incorrect sequence of commands.

Ignoring an early ADDBA request is harmless. The AP will retry later.

Reported by zxystd from the OpenIntelWireless project, thanks!

ok phessler@

1 files changed, 6 insertions, 1 deletions

diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c
index ff43a9a8061..44f1189405f 100644
--- a/sys/net80211/ieee80211_input.c
+++ b/sys/net80211/ieee80211_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ieee80211_input.c,v 1.250 2023/01/09 00:22:47 daniel Exp $	*/
+/*	$OpenBSD: ieee80211_input.c,v 1.251 2024/03/15 17:45:36 stsp Exp $	*/
 /*	$NetBSD: ieee80211_input.c,v 1.24 2004/05/31 11:12:24 dyoung Exp $	*/
 
 /*-
@@ -2838,6 +2838,11 @@ ieee80211_recv_addba_req(struct ieee80211com *ic, struct mbuf *m,
 	u_int8_t token, tid;
 	int err = 0;
 
+	/* Ignore if we are not ready to receive data frames. */
+	if (ic->ic_state != IEEE80211_S_RUN ||
+	    ((ic->ic_flags & IEEE80211_F_RSNON) && !ni->ni_port_valid))
+		return;
+
 	if (!(ni->ni_flags & IEEE80211_NODE_HT)) {
 		DPRINTF(("received ADDBA req from non-HT STA %s\n",
 		    ether_sprintf(ni->ni_macaddr)));