| Message ID | 20240810095432.89063-1-vincenzo.mezzela@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v5.15,RESEND] wifi: mac80211: check basic rates validity | expand |
On Sat, Aug 10, 2024 at 11:54:31AM +0200, Vincenzo Mezzela wrote: > From: Johannes Berg <johannes.berg@intel.com> > > commit ce04abc3fcc62cd5640af981ebfd7c4dc3bded28 upstream. > > When userspace sets basic rates, it might send us some rates > list that's empty or consists of invalid values only. We're > currently ignoring invalid values and then may end up with a > rates bitmap that's empty, which later results in a warning. > > Reject the call if there were no valid rates. > > [ Conflict resolution involved adjusting the patch to accommodate > changes in the function signature of ieee80211_parse_bitrates, > specifically the updated first parameter ] > > Signed-off-by: Johannes Berg <johannes.berg@intel.com> > Reported-by: syzbot+19013115c9786bfd0c4e@syzkaller.appspotmail.com > Tested-by: syzbot+19013115c9786bfd0c4e@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=19013115c9786bfd0c4e > Signed-off-by: Vincenzo Mezzela <vincenzo.mezzela@gmail.com> > --- > Hi, > I'm resending the backport for v5.15 [1], following the one I previously > sent for v6.1 [2]. Now queued up, thanks. greg k-h
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index f277ce839ddb..85abd3ff07b4 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2339,6 +2339,17 @@ static int ieee80211_change_bss(struct wiphy *wiphy, if (!sband) return -EINVAL; + if (params->basic_rates) { + if (!ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef, + wiphy->bands[sband->band], + params->basic_rates, + params->basic_rates_len, + &sdata->vif.bss_conf.basic_rates)) + return -EINVAL; + changed |= BSS_CHANGED_BASIC_RATES; + ieee80211_check_rate_mask(sdata); + } + if (params->use_cts_prot >= 0) { sdata->vif.bss_conf.use_cts_prot = params->use_cts_prot; changed |= BSS_CHANGED_ERP_CTS_PROT; @@ -2362,16 +2373,6 @@ static int ieee80211_change_bss(struct wiphy *wiphy, changed |= BSS_CHANGED_ERP_SLOT; } - if (params->basic_rates) { - ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef, - wiphy->bands[sband->band], - params->basic_rates, - params->basic_rates_len, - &sdata->vif.bss_conf.basic_rates); - changed |= BSS_CHANGED_BASIC_RATES; - ieee80211_check_rate_mask(sdata); - } - if (params->ap_isolate >= 0) { if (params->ap_isolate) sdata->flags |= IEEE80211_SDATA_DONT_BRIDGE_PACKETS;