| Message ID | 20240729134318.291424-1-vincenzo.mezzela@gmail.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | wifi: mac80211: check basic rates validity | expand |
On 7/30/24 16:23, Greg KH wrote: > On Mon, Jul 29, 2024 at 03:43:18PM +0200, Vincenzo Mezzela wrote: >> From: Johannes Berg <johannes.berg@intel.com> >> >> commit ce04abc3fcc62cd5640af981ebfd7c4dc3bded28 upstream. >> >> When userspace sets basic rates, it might send us some rates >> list that's empty or consists of invalid values only. We're >> currently ignoring invalid values and then may end up with a >> rates bitmap that's empty, which later results in a warning. >> >> Reject the call if there were no valid rates. >> >> [ Conflict resolution involved adjusting the patch to accommodate >> changes in the function signature of ieee80211_parse_bitrates and >> ieee80211_check_rate_mask ] >> >> Signed-off-by: Johannes Berg <johannes.berg@intel.com> >> Reported-by: syzbot+07bee335584b04e7c2f8@syzkaller.appspotmail.com >> Tested-by: syzbot+07bee335584b04e7c2f8@syzkaller.appspotmail.com >> Closes: https://syzkaller.appspot.com/bug?extid=07bee335584b04e7c2f8 >> Signed-off-by: Vincenzo Mezzela <vincenzo.mezzela@gmail.com> >> --- >> Hi, >> please note that a backport of the same patch for v5.15 is available at >> [1]. > Please resend [1] as it's gone from my queue. > > greg k-h Hi Greg, I've just sent it here [1]. Vincenzo - [1] https://lore.kernel.org/all/20240810095432.89063-1-vincenzo.mezzela@gmail.com/
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 2c60fc165801..d121a3b460f4 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2577,6 +2577,17 @@ static int ieee80211_change_bss(struct wiphy *wiphy, if (!sband) return -EINVAL; + if (params->basic_rates) { + if (!ieee80211_parse_bitrates(sdata->vif.bss_conf.chandef.width, + wiphy->bands[sband->band], + params->basic_rates, + params->basic_rates_len, + &sdata->vif.bss_conf.basic_rates)) + return -EINVAL; + changed |= BSS_CHANGED_BASIC_RATES; + ieee80211_check_rate_mask(&sdata->deflink); + } + if (params->use_cts_prot >= 0) { sdata->vif.bss_conf.use_cts_prot = params->use_cts_prot; changed |= BSS_CHANGED_ERP_CTS_PROT; @@ -2600,16 +2611,6 @@ static int ieee80211_change_bss(struct wiphy *wiphy, changed |= BSS_CHANGED_ERP_SLOT; } - if (params->basic_rates) { - ieee80211_parse_bitrates(sdata->vif.bss_conf.chandef.width, - wiphy->bands[sband->band], - params->basic_rates, - params->basic_rates_len, - &sdata->vif.bss_conf.basic_rates); - changed |= BSS_CHANGED_BASIC_RATES; - ieee80211_check_rate_mask(&sdata->deflink); - } - if (params->ap_isolate >= 0) { if (params->ap_isolate) sdata->flags |= IEEE80211_SDATA_DONT_BRIDGE_PACKETS;