From patchwork Tue Jan 3 12:41:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arend van Spriel X-Patchwork-Id: 639029 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 794EEC3DA7D for ; Tue, 3 Jan 2023 12:41:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237544AbjACMlb (ORCPT ); Tue, 3 Jan 2023 07:41:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36822 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237503AbjACMl3 (ORCPT ); Tue, 3 Jan 2023 07:41:29 -0500 Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 88EF89FD3 for ; Tue, 3 Jan 2023 04:41:28 -0800 (PST) Received: by mail-qt1-x833.google.com with SMTP id g7so24431098qts.1 for ; Tue, 03 Jan 2023 04:41:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=yZdk8oR+49bqTq5guiux1sDGdmnCiNU4UDcA+2pJa58=; b=NHS/zeyb9qbTELhfZzO70oONF2SW1sxMfY+RpkDKVw11ZaSJFyh/hNDm4CyFfmA6pq m3sTegkWjGLn32COqp8SXiGxD0gdqejycI7FjAFoBkaNPgsnrIa0H4wzISaQlyzPJ8O8 WVWk4h3foioWJMm4itUNfzmqxyJQBWyfwKkgQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yZdk8oR+49bqTq5guiux1sDGdmnCiNU4UDcA+2pJa58=; b=LwIVw0n9KpJz2mak5HUFLLTnI3MgOwl3uDkzPHhEh8ve4XnxQ3rbd4IbFGpgb/foB7 7drPM7U8rnYqqOEMJPbgHg74g/fATQnbWiKNDtgE0ET5cLhJAV39M5mEcL7MucsrRFWI eO1G83ansyD158QEKC84QBktSACfq1qGgs7ykK9oVPu79ICkcUsGvyHWsC12OUWXr8Uh rsapgglZlJYQbbEqvdQ4oYS0+DDTOS2/SYexV+41lZfR8BHPzd8viWIOsd9MNMNBFPbT WPdjZIDxmt++vjfv8F3hhz+sqNkxDtW6VgNhNfff6AggHIOpAF0uHE6wf59ygF4l3+dA pjBA== X-Gm-Message-State: AFqh2krpcT5zcGh8UUVnnSdpwwY2P79zMNE+/oYJjpKe/Gvu2eDuZdAq ep9ip68hfYJegAN+D4WUbPe8KM+0GwYS+8qG X-Google-Smtp-Source: AMrXdXsakFc7YCQFvNU9/9Uu0NhgQIbb7RbnGa+W+uEi2ARnsKvEWyjfyY+v5kwW5C7QLCqaixrlCg== X-Received: by 2002:ac8:72c5:0:b0:3a6:a86f:33cd with SMTP id o5-20020ac872c5000000b003a6a86f33cdmr59631220qtp.51.1672749687585; Tue, 03 Jan 2023 04:41:27 -0800 (PST) Received: from bld-bun-02.bun.broadcom.com ([192.19.148.250]) by smtp.gmail.com with ESMTPSA id t1-20020ac865c1000000b003a7e4129f83sm18439047qto.85.2023.01.03.04.41.25 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 03 Jan 2023 04:41:26 -0800 (PST) From: Arend van Spriel To: Kalle Valo Cc: linux-wireless@vger.kernel.org, Arend van Spriel Subject: [PATCH for-6.2 2/3] wifi: brcmfmac: avoid NULL-deref in survey dump for 2G only device Date: Tue, 3 Jan 2023 13:41:16 +0100 Message-Id: <20230103124117.271988-3-arend.vanspriel@broadcom.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20230103124117.271988-1-arend.vanspriel@broadcom.com> References: <20230103124117.271988-1-arend.vanspriel@broadcom.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org When dealing with a device for 2GHz band only the wiphy->bands for 5GHz will be NULL. This would result in a NULL-deref in the brcmf_cfg80211_dump_survey() function. Rework the code with a for-loop to make it easier to add another band. Signed-off-by: Arend van Spriel --- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c index 478ca3848c64..b115902eb475 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c @@ -7964,6 +7964,7 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev, struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg)); struct brcmf_dump_survey survey = {}; struct ieee80211_supported_band *band; + enum nl80211_band band_id; struct cca_msrmnt_query req; u32 noise; int err; @@ -7976,21 +7977,23 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev, return -EBUSY; } - band = wiphy->bands[NL80211_BAND_2GHZ]; - if (band && idx >= band->n_channels) { - idx -= band->n_channels; - band = NULL; - } + for (band_id = 0; band_id < NUM_NL80211_BANDS; band_id++) { + band = wiphy->bands[band_id]; + if (!band) + continue; + if (idx >= band->n_channels) { + idx -= band->n_channels; + continue; + } - if (!band || idx >= band->n_channels) { - band = wiphy->bands[NL80211_BAND_5GHZ]; - if (idx >= band->n_channels) - return -ENOENT; + info->channel = &band->channels[idx]; + break; } + if (band_id == NUM_NL80211_BANDS) + return -ENOENT; /* Setting current channel to the requested channel */ info->filled = 0; - info->channel = &band->channels[idx]; if (cfg80211_set_channel(wiphy, ndev, info->channel, NL80211_CHAN_HT20)) return 0;