diff mbox series

wifi: mac80211: fix unsolicited broadcast probe config

Message ID 20240129195729.965b0740bf80.I6bc6f5236863f686c17d689be541b1dd2633c417@changeid
State New
Headers show
Series wifi: mac80211: fix unsolicited broadcast probe config | expand

Commit Message

Johannes Berg Jan. 29, 2024, 6:57 p.m. UTC 
From: Johannes Berg <johannes.berg@intel.com>

There's a bug in ieee80211_set_unsol_bcast_probe_resp(), it tries
to return BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (which has the value
1<<31) in an int, which makes it negative and considered an error.
Fix this by passing the changed flags to set separately.

Fixes: 3b1c256eb4ae ("wifi: mac80211: fixes in FILS discovery updates")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/mac80211/cfg.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

Comments

Jeff Johnson Feb. 1, 2024, 6:28 p.m. UTC | #1 
On 1/29/2024 10:57 AM, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@intel.com>
> 
> There's a bug in ieee80211_set_unsol_bcast_probe_resp(), it tries
> to return BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (which has the value
> 1<<31) in an int, which makes it negative and considered an error.
> Fix this by passing the changed flags to set separately.
> 
> Fixes: 3b1c256eb4ae ("wifi: mac80211: fixes in FILS discovery updates")
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>

> ---
>  net/mac80211/cfg.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
> index 321698012e12..327682995c92 100644
> --- a/net/mac80211/cfg.c
> +++ b/net/mac80211/cfg.c
> @@ -5,7 +5,7 @@
>   * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
>   * Copyright 2013-2015  Intel Mobile Communications GmbH
>   * Copyright (C) 2015-2017 Intel Deutschland GmbH
> - * Copyright (C) 2018-2022 Intel Corporation
> + * Copyright (C) 2018-2024 Intel Corporation
>   */
>  
>  #include <linux/ieee80211.h>
> @@ -987,7 +987,8 @@ static int
>  ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
>  				     struct cfg80211_unsol_bcast_probe_resp *params,
>  				     struct ieee80211_link_data *link,
> -				     struct ieee80211_bss_conf *link_conf)
> +				     struct ieee80211_bss_conf *link_conf,
> +				     u64 *changed)
>  {
>  	struct unsol_bcast_probe_resp_data *new, *old = NULL;
>  
> @@ -1011,7 +1012,8 @@ ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
>  		RCU_INIT_POINTER(link->u.ap.unsol_bcast_probe_resp, NULL);
>  	}
>  
> -	return BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
> +	*changed |= BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
> +	return 0;
>  }
>  
>  static int ieee80211_set_ftm_responder_params(
> @@ -1450,10 +1452,9 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
>  
>  	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
>  						   &params->unsol_bcast_probe_resp,
> -						   link, link_conf);
> +						   link, link_conf, &changed);
>  	if (err < 0)
>  		goto error;
> -	changed |= err;
>  
>  	err = drv_start_ap(sdata->local, sdata, link_conf);
>  	if (err) {
> @@ -1525,10 +1526,9 @@ static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
>  
>  	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
>  						   &params->unsol_bcast_probe_resp,
> -						   link, link_conf);
> +						   link, link_conf, &changed);
>  	if (err < 0)
>  		return err;
> -	changed |= err;
>  
>  	if (beacon->he_bss_color_valid &&
>  	    beacon->he_bss_color.enabled != link_conf->he_bss_color.enabled) {
diff mbox series

Patch

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 321698012e12..327682995c92 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -5,7 +5,7 @@ 
  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
  * Copyright 2013-2015  Intel Mobile Communications GmbH
  * Copyright (C) 2015-2017 Intel Deutschland GmbH
- * Copyright (C) 2018-2022 Intel Corporation
+ * Copyright (C) 2018-2024 Intel Corporation
  */
 
 #include <linux/ieee80211.h>
@@ -987,7 +987,8 @@  static int
 ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
 				     struct cfg80211_unsol_bcast_probe_resp *params,
 				     struct ieee80211_link_data *link,
-				     struct ieee80211_bss_conf *link_conf)
+				     struct ieee80211_bss_conf *link_conf,
+				     u64 *changed)
 {
 	struct unsol_bcast_probe_resp_data *new, *old = NULL;
 
@@ -1011,7 +1012,8 @@  ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
 		RCU_INIT_POINTER(link->u.ap.unsol_bcast_probe_resp, NULL);
 	}
 
-	return BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
+	*changed |= BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
+	return 0;
 }
 
 static int ieee80211_set_ftm_responder_params(
@@ -1450,10 +1452,9 @@  static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
 
 	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
 						   &params->unsol_bcast_probe_resp,
-						   link, link_conf);
+						   link, link_conf, &changed);
 	if (err < 0)
 		goto error;
-	changed |= err;
 
 	err = drv_start_ap(sdata->local, sdata, link_conf);
 	if (err) {
@@ -1525,10 +1526,9 @@  static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
 
 	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
 						   &params->unsol_bcast_probe_resp,
-						   link, link_conf);
+						   link, link_conf, &changed);
 	if (err < 0)
 		return err;
-	changed |= err;
 
 	if (beacon->he_bss_color_valid &&
 	    beacon->he_bss_color.enabled != link_conf->he_bss_color.enabled) {