OSDN Git Service

(root) / tomoyo / tomoyo-test1.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4992b36)
wifi: cfg80211/mac80211: check EHT capability size correctly
authorJohannes Berg <johannes.berg@intel.com>
Tue, 16 Aug 2022 09:26:23 +0000 (11:26 +0200)
committerJohannes Berg <johannes.berg@intel.com>
Thu, 25 Aug 2022 08:41:24 +0000 (10:41 +0200)
For AP/non-AP the EHT MCS/NSS subfield size differs, the
4-octet subfield is only used for 20 MHz-only non-AP STA.
Pass an argument around everywhere to be able to parse it
properly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
include/linux/ieee80211.h patch | blob | history
net/mac80211/eht.c patch | blob | history
net/mac80211/ieee80211_i.h patch | blob | history
net/mac80211/mlme.c patch | blob | history
net/mac80211/util.c patch | blob | history
net/wireless/core.c patch | blob | history
net/wireless/nl80211.c patch | blob | history

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 55e6f4a..6f70394 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2886,7 +2886,8 @@ ieee80211_he_spr_size(const u8 *he_spr_ie)
 /* Calculate 802.11be EHT capabilities IE Tx/Rx EHT MCS NSS Support Field size */
 static inline u8
 ieee80211_eht_mcs_nss_size(const struct ieee80211_he_cap_elem *he_cap,
-                          const struct ieee80211_eht_cap_elem_fixed *eht_cap)
+                          const struct ieee80211_eht_cap_elem_fixed *eht_cap,
+                          bool from_ap)
 {
        u8 count = 0;
 
@@ -2907,7 +2908,10 @@ ieee80211_eht_mcs_nss_size(const struct ieee80211_he_cap_elem *he_cap,
        if (eht_cap->phy_cap_info[0] & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ)
                count += 3;
 
-       return count ? count : 4;
+       if (count)
+               return count;
+
+       return from_ap ? 3 : 4;
 }
 
 /* 802.11be EHT PPE Thresholds */
@@ -2943,7 +2947,8 @@ ieee80211_eht_ppe_size(u16 ppe_thres_hdr, const u8 *phy_cap_info)
 }
 
 static inline bool
-ieee80211_eht_capa_size_ok(const u8 *he_capa, const u8 *data, u8 len)
+ieee80211_eht_capa_size_ok(const u8 *he_capa, const u8 *data, u8 len,
+                          bool from_ap)
 {
        const struct ieee80211_eht_cap_elem_fixed *elem = (const void *)data;
        u8 needed = sizeof(struct ieee80211_eht_cap_elem_fixed);
@@ -2952,7 +2957,8 @@ ieee80211_eht_capa_size_ok(const u8 *he_capa, const u8 *data, u8 len)
                return false;
 
        needed += ieee80211_eht_mcs_nss_size((const void *)he_capa,
-                                            (const void *)data);
+                                            (const void *)data,
+                                            from_ap);
        if (len < needed)
                return false;
 
diff --git a/net/mac80211/eht.c b/net/mac80211/eht.c
index 31e20a3..18bc6b7 100644 (file)
--- a/net/mac80211/eht.c
+++ b/net/mac80211/eht.c
@@ -30,7 +30,9 @@ ieee80211_eht_cap_ie_to_sta_eht_cap(struct ieee80211_sub_if_data *sdata,
                return;
 
        mcs_nss_size = ieee80211_eht_mcs_nss_size(he_cap_ie_elem,
-                                                 &eht_cap_ie_elem->fixed);
+                                                 &eht_cap_ie_elem->fixed,
+                                                 sdata->vif.type ==
+                                                       NL80211_IFTYPE_STATION);
 
        eht_total_size += mcs_nss_size;
 
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 6313c49..9f3e1d7 100644 (file)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -2185,6 +2185,8 @@ static inline void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata,
  *     for that non-transmitting BSS is returned
  * @link_id: the link ID to parse elements for, if a STA profile
  *     is present in the multi-link element, or -1 to ignore
+ * @from_ap: frame is received from an AP (currently used only
+ *     for EHT capabilities parsing)
  */
 struct ieee80211_elems_parse_params {
        const u8 *start;
@@ -2194,6 +2196,7 @@ struct ieee80211_elems_parse_params {
        u32 crc;
        struct cfg80211_bss *bss;
        int link_id;
+       bool from_ap;
 };
 
 struct ieee802_11_elems *
@@ -2514,7 +2517,8 @@ u8 ieee80211_ie_len_eht_cap(struct ieee80211_sub_if_data *sdata, u8 iftype);
 u8 *ieee80211_ie_build_eht_cap(u8 *pos,
                               const struct ieee80211_sta_he_cap *he_cap,
                               const struct ieee80211_sta_eht_cap *eht_cap,
-                              u8 *end);
+                              u8 *end,
+                              bool for_ap);
 
 void
 ieee80211_eht_cap_ie_to_sta_eht_cap(struct ieee80211_sub_if_data *sdata,
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index a53137b..2dcb7f5 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -746,11 +746,13 @@ static void ieee80211_add_eht_ie(struct ieee80211_sub_if_data *sdata,
        eht_cap_size =
                2 + 1 + sizeof(eht_cap->eht_cap_elem) +
                ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
-                                          &eht_cap->eht_cap_elem) +
+                                          &eht_cap->eht_cap_elem,
+                                          false) +
                ieee80211_eht_ppe_size(eht_cap->eht_ppe_thres[0],
                                       eht_cap->eht_cap_elem.phy_cap_info);
        pos = skb_put(skb, eht_cap_size);
-       ieee80211_ie_build_eht_cap(pos, he_cap, eht_cap, pos + eht_cap_size);
+       ieee80211_ie_build_eht_cap(pos, he_cap, eht_cap, pos + eht_cap_size,
+                                  false);
 }
 
 static void ieee80211_assoc_add_rates(struct sk_buff *skb,
@@ -3912,6 +3914,7 @@ static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link,
                .len = elem_len,
                .bss = cbss,
                .link_id = link == &sdata->deflink ? -1 : link->link_id,
+               .from_ap = true,
        };
        bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
        bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
@@ -4580,6 +4583,11 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
        bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
        bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
        struct ieee80211_bss *bss = (void *)cbss->priv;
+       struct ieee80211_elems_parse_params parse_params = {
+               .bss = cbss,
+               .link_id = -1,
+               .from_ap = true,
+       };
        struct ieee802_11_elems *elems;
        const struct cfg80211_bss_ies *ies;
        int ret;
@@ -4589,7 +4597,9 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
        rcu_read_lock();
 
        ies = rcu_dereference(cbss->ies);
-       elems = ieee802_11_parse_elems(ies->data, ies->len, false, cbss);
+       parse_params.start = ies->data;
+       parse_params.len = ies->len;
+       elems = ieee802_11_parse_elems_full(&parse_params);
        if (!elems) {
                rcu_read_unlock();
                return -ENOMEM;
@@ -4944,6 +4954,11 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
        struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
        u16 capab_info, status_code, aid;
+       struct ieee80211_elems_parse_params parse_params = {
+               .bss = NULL,
+               .link_id = -1,
+               .from_ap = true,
+       };
        struct ieee802_11_elems *elems;
        int ac;
        const u8 *elem_start;
@@ -4998,7 +5013,9 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
                return;
 
        elem_len = len - (elem_start - (u8 *)mgmt);
-       elems = ieee802_11_parse_elems(elem_start, elem_len, false, NULL);
+       parse_params.start = elem_start;
+       parse_params.len = elem_len;
+       elems = ieee802_11_parse_elems_full(&parse_params);
        if (!elems)
                goto notify_driver;
 
@@ -5363,6 +5380,10 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
        u32 ncrc = 0;
        u8 *bssid, *variable = mgmt->u.beacon.variable;
        u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
+       struct ieee80211_elems_parse_params parse_params = {
+               .link_id = -1,
+               .from_ap = true,
+       };
 
        sdata_assert_lock(sdata);
 
@@ -5381,6 +5402,9 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
        if (baselen > len)
                return;
 
+       parse_params.start = variable;
+       parse_params.len = len - baselen;
+
        rcu_read_lock();
        chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
        if (!chanctx_conf) {
@@ -5399,8 +5423,8 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
        if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
            !WARN_ON(sdata->vif.valid_links) &&
            ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->link[0].bss)) {
-               elems = ieee802_11_parse_elems(variable, len - baselen, false,
-                                              ifmgd->assoc_data->link[0].bss);
+               parse_params.bss = ifmgd->assoc_data->link[0].bss;
+               elems = ieee802_11_parse_elems_full(&parse_params);
                if (!elems)
                        return;
 
@@ -5466,9 +5490,10 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
         */
        if (!ieee80211_is_s1g_beacon(hdr->frame_control))
                ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
-       elems = ieee802_11_parse_elems_crc(variable, len - baselen,
-                                          false, care_about_ies, ncrc,
-                                          link->u.mgd.bss);
+       parse_params.bss = link->u.mgd.bss;
+       parse_params.filter = care_about_ies;
+       parse_params.crc = ncrc;
+       elems = ieee802_11_parse_elems_full(&parse_params);
        if (!elems)
                return;
        ncrc = elems->crc;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 53826c6..37324a2 100644 (file)
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -954,9 +954,11 @@ void ieee80211_queue_delayed_work(struct ieee80211_hw *hw,
 }
 EXPORT_SYMBOL(ieee80211_queue_delayed_work);
 
-static void ieee80211_parse_extension_element(u32 *crc,
-                                             const struct element *elem,
-                                             struct ieee802_11_elems *elems)
+static void
+ieee80211_parse_extension_element(u32 *crc,
+                                 const struct element *elem,
+                                 struct ieee802_11_elems *elems,
+                                 struct ieee80211_elems_parse_params *params)
 {
        const void *data = elem->data + 1;
        u8 len;
@@ -1013,7 +1015,8 @@ static void ieee80211_parse_extension_element(u32 *crc,
                break;
        case WLAN_EID_EXT_EHT_CAPABILITY:
                if (ieee80211_eht_capa_size_ok(elems->he_cap,
-                                              data, len)) {
+                                              data, len,
+                                              params->from_ap)) {
                        elems->eht_cap = data;
                        elems->eht_cap_len = len;
                }
@@ -1385,7 +1388,7 @@ _ieee802_11_parse_elems_full(struct ieee80211_elems_parse_params *params,
                case WLAN_EID_EXTENSION:
                        ieee80211_parse_extension_element(calc_crc ?
                                                                &crc : NULL,
-                                                         elem, elems);
+                                                         elem, elems, params);
                        break;
                case WLAN_EID_S1G_CAPABILITIES:
                        if (elen >= sizeof(*elems->s1g_capab))
@@ -2025,7 +2028,8 @@ static int ieee80211_build_preq_ies_band(struct ieee80211_sub_if_data *sdata,
            cfg80211_any_usable_channels(local->hw.wiphy, BIT(sband->band),
                                         IEEE80211_CHAN_NO_HE |
                                         IEEE80211_CHAN_NO_EHT)) {
-               pos = ieee80211_ie_build_eht_cap(pos, he_cap, eht_cap, end);
+               pos = ieee80211_ie_build_eht_cap(pos, he_cap, eht_cap, end,
+                                                sdata->vif.type == NL80211_IFTYPE_AP);
                if (!pos)
                        goto out_err;
        }
@@ -4770,6 +4774,7 @@ u8 ieee80211_ie_len_eht_cap(struct ieee80211_sub_if_data *sdata, u8 iftype)
        const struct ieee80211_sta_he_cap *he_cap;
        const struct ieee80211_sta_eht_cap *eht_cap;
        struct ieee80211_supported_band *sband;
+       bool is_ap;
        u8 n;
 
        sband = ieee80211_get_sband(sdata);
@@ -4781,8 +4786,12 @@ u8 ieee80211_ie_len_eht_cap(struct ieee80211_sub_if_data *sdata, u8 iftype)
        if (!he_cap || !eht_cap)
                return 0;
 
+       is_ap = iftype == NL80211_IFTYPE_AP ||
+               iftype == NL80211_IFTYPE_P2P_GO;
+
        n = ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
-                                      &eht_cap->eht_cap_elem);
+                                      &eht_cap->eht_cap_elem,
+                                      is_ap);
        return 2 + 1 +
               sizeof(he_cap->he_cap_elem) + n +
               ieee80211_eht_ppe_size(eht_cap->eht_ppe_thres[0],
@@ -4793,7 +4802,8 @@ u8 ieee80211_ie_len_eht_cap(struct ieee80211_sub_if_data *sdata, u8 iftype)
 u8 *ieee80211_ie_build_eht_cap(u8 *pos,
                               const struct ieee80211_sta_he_cap *he_cap,
                               const struct ieee80211_sta_eht_cap *eht_cap,
-                              u8 *end)
+                              u8 *end,
+                              bool for_ap)
 {
        u8 mcs_nss_len, ppet_len;
        u8 ie_len;
@@ -4804,7 +4814,8 @@ u8 *ieee80211_ie_build_eht_cap(u8 *pos,
                return orig_pos;
 
        mcs_nss_len = ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
-                                                &eht_cap->eht_cap_elem);
+                                                &eht_cap->eht_cap_elem,
+                                                for_ap);
        ppet_len = ieee80211_eht_ppe_size(eht_cap->eht_ppe_thres[0],
                                          eht_cap->eht_cap_elem.phy_cap_info);
 
diff --git a/net/wireless/core.c b/net/wireless/core.c
index eefd6d8..5b0c4d5 100644 (file)
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -860,6 +860,9 @@ int wiphy_register(struct wiphy *wiphy)
 
                for (i = 0; i < sband->n_iftype_data; i++) {
                        const struct ieee80211_sband_iftype_data *iftd;
+                       bool has_ap, has_non_ap;
+                       u32 ap_bits = BIT(NL80211_IFTYPE_AP) |
+                                     BIT(NL80211_IFTYPE_P2P_GO);
 
                        iftd = &sband->iftype_data[i];
 
@@ -879,6 +882,19 @@ int wiphy_register(struct wiphy *wiphy)
                        else
                                have_he = have_he &&
                                          iftd->he_cap.has_he;
+
+                       has_ap = iftd->types_mask & ap_bits;
+                       has_non_ap = iftd->types_mask & ~ap_bits;
+
+                       /*
+                        * For EHT 20 MHz STA, the capabilities format differs
+                        * but to simplify, don't check 20 MHz but rather check
+                        * only if AP and non-AP were mentioned at the same time,
+                        * reject if so.
+                        */
+                       if (WARN_ON(iftd->eht_cap.has_eht &&
+                                   has_ap && has_non_ap))
+                               return -EINVAL;
                }
 
                if (WARN_ON(!have_he && band == NL80211_BAND_6GHZ))
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 7224268..8568304 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1820,10 +1820,15 @@ nl80211_send_iftype_data(struct sk_buff *msg,
        if (eht_cap->has_eht && he_cap->has_he) {
                u8 mcs_nss_size, ppe_thresh_size;
                u16 ppe_thres_hdr;
+               bool is_ap;
+
+               is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) ||
+                       iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO);
 
                mcs_nss_size =
                        ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
-                                                  &eht_cap->eht_cap_elem);
+                                                  &eht_cap->eht_cap_elem,
+                                                  is_ap);
 
                ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]);
                ppe_thresh_size =
@@ -5668,7 +5673,7 @@ static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
                params->eht_cap = (void *)(cap->data + 1);
                if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap,
                                                (const u8 *)params->eht_cap,
-                                               cap->datalen - 1))
+                                               cap->datalen - 1, true))
                        return -EINVAL;
        }
        cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len);
@@ -6897,7 +6902,8 @@ static int nl80211_set_station_tdls(struct genl_info *info,
 
                        if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa,
                                                        (const u8 *)params->link_sta_params.eht_capa,
-                                                       params->link_sta_params.eht_capa_len))
+                                                       params->link_sta_params.eht_capa_len,
+                                                       false))
                                return -EINVAL;
                }
        }
@@ -7208,7 +7214,8 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
 
                        if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa,
                                                        (const u8 *)params.link_sta_params.eht_capa,
-                                                       params.link_sta_params.eht_capa_len))
+                                                       params.link_sta_params.eht_capa_len,
+                                                       false))
                                return -EINVAL;
                }
        }
@@ -15968,7 +15975,8 @@ nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info,
 
                        if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa,
                                                        (const u8 *)params.eht_capa,
-                                                       params.eht_capa_len))
+                                                       params.eht_capa_len,
+                                                       false))
                                return -EINVAL;
                }
        }
This is a test repository.
About OSDN
Find Software
Develop Software
Help