In function ieee80211_prep_channel(), it has some ieee80211_bss_get_ie()
and cfg80211_find_ext_ie() to get the IE, this is to use another
function ieee802_11_parse_elems() to get all the IEs in one time.
Signed-off-by: Wen Gong <[email protected]>
---
net/mac80211/mlme.c | 40 ++++++++++++++++++++++++----------------
1 file changed, 24 insertions(+), 16 deletions(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 2480bd0577bb..6b32cdd590cd 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -5001,10 +5001,22 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
struct ieee80211_bss *bss = (void *)cbss->priv;
+ struct ieee802_11_elems *elems;
+ const struct cfg80211_bss_ies *ies;
int ret;
u32 i;
bool have_80mhz;
+ elems = kzalloc(sizeof(*elems), GFP_KERNEL);
+ if (!elems)
+ return -ENOMEM;
+
+ rcu_read_lock();
+
+ ies = rcu_dereference(cbss->ies);
+ ieee802_11_parse_elems(ies->data, ies->len, false, elems,
+ NULL, NULL);
+
sband = local->hw.wiphy->bands[cbss->channel->band];
ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
@@ -5026,16 +5038,14 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
if (!ieee80211_get_he_sta_cap(sband))
ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
- rcu_read_lock();
-
if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && !is_6ghz) {
const u8 *ht_oper_ie, *ht_cap_ie;
- ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
+ ht_oper_ie = ((const u8 *)elems->ht_operation) - 2;
if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
ht_oper = (void *)(ht_oper_ie + 2);
- ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
+ ht_cap_ie = ((const u8 *)elems->ht_cap_elem) - 2;
if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
ht_cap = (void *)(ht_cap_ie + 2);
@@ -5048,8 +5058,7 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && !is_6ghz) {
const u8 *vht_oper_ie, *vht_cap;
- vht_oper_ie = ieee80211_bss_get_ie(cbss,
- WLAN_EID_VHT_OPERATION);
+ vht_oper_ie = ((const u8 *)elems->vht_operation) - 2;
if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
vht_oper = (void *)(vht_oper_ie + 2);
if (vht_oper && !ht_oper) {
@@ -5061,7 +5070,7 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
}
- vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
+ vht_cap = ((const u8 *)elems->vht_cap_elem) - 2;
if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
vht_oper = NULL;
@@ -5069,12 +5078,9 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
}
if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) {
- const struct cfg80211_bss_ies *ies;
const u8 *he_oper_ie;
- ies = rcu_dereference(cbss->ies);
- he_oper_ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION,
- ies->data, ies->len);
+ he_oper_ie = ((const u8 *)elems->he_operation) - 3;
if (he_oper_ie &&
he_oper_ie[1] >= ieee80211_he_oper_size(&he_oper_ie[3]))
he_oper = (void *)(he_oper_ie + 3);
@@ -5102,8 +5108,7 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
if (sband->band == NL80211_BAND_S1GHZ) {
const u8 *s1g_oper_ie;
- s1g_oper_ie = ieee80211_bss_get_ie(cbss,
- WLAN_EID_S1G_OPERATION);
+ s1g_oper_ie = ((const u8 *)elems->s1g_oper) - 2;
if (s1g_oper_ie && s1g_oper_ie[1] >= sizeof(*s1g_oper))
s1g_oper = (void *)(s1g_oper_ie + 2);
else
@@ -5125,7 +5130,8 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
if (ifmgd->flags & IEEE80211_STA_DISABLE_HE && is_6ghz) {
sdata_info(sdata, "Rejecting non-HE 6/7 GHz connection");
- return -EINVAL;
+ ret = -EINVAL;
+ goto out_no_lock;
}
/* will change later if needed */
@@ -5143,15 +5149,17 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
/* don't downgrade for 5 and 10 MHz channels, though. */
if (chandef.width == NL80211_CHAN_WIDTH_5 ||
chandef.width == NL80211_CHAN_WIDTH_10)
- goto out;
+ goto out_lock;
while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
ret = ieee80211_vif_use_channel(sdata, &chandef,
IEEE80211_CHANCTX_SHARED);
}
- out:
+ out_lock:
mutex_unlock(&local->mtx);
+ out_no_lock:
+ kfree(elems);
return ret;
}
--
2.31.1
Hi Johannes,
This patch need a new version for fix the issue of NULL pointer it
exist.
You can review others:)
The change I will add in new version is like below.
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 0ebf6ae6dd525f..bee2a3f3bbc161 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -5026,11 +5026,15 @@ static int ieee80211_prep_channel(struct
ieee80211_sub_if_data *sdata,
if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && !is_6ghz) {
const u8 *ht_oper_ie, *ht_cap_ie;
- ht_oper_ie = ((const u8 *)elems->ht_operation) - 2;
+ ht_oper_ie = elems->ht_operation ?
+ ((const u8 *)elems->ht_operation) - 2 :
+ NULL;
if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
ht_oper = (void *)(ht_oper_ie + 2);
- ht_cap_ie = ((const u8 *)elems->ht_cap_elem) - 2;
+ ht_cap_ie = elems->ht_cap_elem ?
+ ((const u8 *)elems->ht_cap_elem) - 2 :
+ NULL;
if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
ht_cap = (void *)(ht_cap_ie + 2);
@@ -5043,7 +5047,9 @@ static int ieee80211_prep_channel(struct
ieee80211_sub_if_data *sdata,
if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && !is_6ghz) {
const u8 *vht_oper_ie, *vht_cap;
- vht_oper_ie = ((const u8 *)elems->vht_operation) - 2;
+ vht_oper_ie = elems->vht_operation ?
+ ((const u8 *)elems->vht_operation) - 2 :
+ NULL;
if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
vht_oper = (void *)(vht_oper_ie + 2);
if (vht_oper && !ht_oper) {
@@ -5055,7 +5061,9 @@ static int ieee80211_prep_channel(struct
ieee80211_sub_if_data *sdata,
ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
}
- vht_cap = ((const u8 *)elems->vht_cap_elem) - 2;
+ vht_cap = elems->vht_cap_elem ?
+ ((const u8 *)elems->vht_cap_elem) - 2 :
+ NULL;
if (!vht_cap || vht_cap[1] < sizeof(struct
ieee80211_vht_cap)) {
ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
vht_oper = NULL;
@@ -5065,7 +5073,9 @@ static int ieee80211_prep_channel(struct
ieee80211_sub_if_data *sdata,
if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) {
const u8 *he_oper_ie;
- he_oper_ie = ((const u8 *)elems->he_operation) - 3;
+ he_oper_ie = elems->he_operation ?
+ ((const u8 *)elems->he_operation) - 3 :
+ NULL;
if (he_oper_ie &&
he_oper_ie[1] >=
ieee80211_he_oper_size(&he_oper_ie[3]))
he_oper = (void *)(he_oper_ie + 3);
@@ -5117,7 +5127,9 @@ static int ieee80211_prep_channel(struct
ieee80211_sub_if_data *sdata,
if (sband->band == NL80211_BAND_S1GHZ) {
const u8 *s1g_oper_ie;
- s1g_oper_ie = ((const u8 *)elems->s1g_oper) - 2;
+ s1g_oper_ie = elems->s1g_oper ?
+ ((const u8 *)elems->s1g_oper) - 2 :
+ NULL;
if (s1g_oper_ie && s1g_oper_ie[1] >= sizeof(*s1g_oper))
s1g_oper = (void *)(s1g_oper_ie + 2);
else
On 2021-09-03 19:48, Wen Gong wrote:
> In function ieee80211_prep_channel(), it has some
> ieee80211_bss_get_ie()
> and cfg80211_find_ext_ie() to get the IE, this is to use another
> function ieee802_11_parse_elems() to get all the IEs in one time.
>
> Signed-off-by: Wen Gong <[email protected]>
> ---
> net/mac80211/mlme.c | 40 ++++++++++++++++++++++++----------------
> 1 file changed, 24 insertions(+), 16 deletions(-)
>
> diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
> index 2480bd0577bb..6b32cdd590cd 100644
> --- a/net/mac80211/mlme.c
> +++ b/net/mac80211/mlme.c
> @@ -5001,10 +5001,22 @@ static int ieee80211_prep_channel(struct
> ieee80211_sub_if_data *sdata,
> bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
> bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
> struct ieee80211_bss *bss = (void *)cbss->priv;
> + struct ieee802_11_elems *elems;
> + const struct cfg80211_bss_ies *ies;
> int ret;
> u32 i;
> bool have_80mhz;
>
> + elems = kzalloc(sizeof(*elems), GFP_KERNEL);
> + if (!elems)
> + return -ENOMEM;
> +
> + rcu_read_lock();
> +
> + ies = rcu_dereference(cbss->ies);
> + ieee802_11_parse_elems(ies->data, ies->len, false, elems,
> + NULL, NULL);
> +
> sband = local->hw.wiphy->bands[cbss->channel->band];
>
> ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
> @@ -5026,16 +5038,14 @@ static int ieee80211_prep_channel(struct
> ieee80211_sub_if_data *sdata,
> if (!ieee80211_get_he_sta_cap(sband))
> ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
>
> - rcu_read_lock();
> -
> if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && !is_6ghz) {
> const u8 *ht_oper_ie, *ht_cap_ie;
>
> - ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
> + ht_oper_ie = ((const u8 *)elems->ht_operation) - 2;
> if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
> ht_oper = (void *)(ht_oper_ie + 2);
>
> - ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
> + ht_cap_ie = ((const u8 *)elems->ht_cap_elem) - 2;
> if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
> ht_cap = (void *)(ht_cap_ie + 2);
>
> @@ -5048,8 +5058,7 @@ static int ieee80211_prep_channel(struct
> ieee80211_sub_if_data *sdata,
> if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && !is_6ghz) {
> const u8 *vht_oper_ie, *vht_cap;
>
> - vht_oper_ie = ieee80211_bss_get_ie(cbss,
> - WLAN_EID_VHT_OPERATION);
> + vht_oper_ie = ((const u8 *)elems->vht_operation) - 2;
> if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
> vht_oper = (void *)(vht_oper_ie + 2);
> if (vht_oper && !ht_oper) {
> @@ -5061,7 +5070,7 @@ static int ieee80211_prep_channel(struct
> ieee80211_sub_if_data *sdata,
> ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
> }
>
> - vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
> + vht_cap = ((const u8 *)elems->vht_cap_elem) - 2;
> if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
> ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
> vht_oper = NULL;
> @@ -5069,12 +5078,9 @@ static int ieee80211_prep_channel(struct
> ieee80211_sub_if_data *sdata,
> }
>
> if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) {
> - const struct cfg80211_bss_ies *ies;
> const u8 *he_oper_ie;
>
> - ies = rcu_dereference(cbss->ies);
> - he_oper_ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION,
> - ies->data, ies->len);
> + he_oper_ie = ((const u8 *)elems->he_operation) - 3;
> if (he_oper_ie &&
> he_oper_ie[1] >= ieee80211_he_oper_size(&he_oper_ie[3]))
> he_oper = (void *)(he_oper_ie + 3);
> @@ -5102,8 +5108,7 @@ static int ieee80211_prep_channel(struct
> ieee80211_sub_if_data *sdata,
> if (sband->band == NL80211_BAND_S1GHZ) {
> const u8 *s1g_oper_ie;
>
> - s1g_oper_ie = ieee80211_bss_get_ie(cbss,
> - WLAN_EID_S1G_OPERATION);
> + s1g_oper_ie = ((const u8 *)elems->s1g_oper) - 2;
> if (s1g_oper_ie && s1g_oper_ie[1] >= sizeof(*s1g_oper))
> s1g_oper = (void *)(s1g_oper_ie + 2);
> else
> @@ -5125,7 +5130,8 @@ static int ieee80211_prep_channel(struct
> ieee80211_sub_if_data *sdata,
>
> if (ifmgd->flags & IEEE80211_STA_DISABLE_HE && is_6ghz) {
> sdata_info(sdata, "Rejecting non-HE 6/7 GHz connection");
> - return -EINVAL;
> + ret = -EINVAL;
> + goto out_no_lock;
> }
>
> /* will change later if needed */
> @@ -5143,15 +5149,17 @@ static int ieee80211_prep_channel(struct
> ieee80211_sub_if_data *sdata,
> /* don't downgrade for 5 and 10 MHz channels, though. */
> if (chandef.width == NL80211_CHAN_WIDTH_5 ||
> chandef.width == NL80211_CHAN_WIDTH_10)
> - goto out;
> + goto out_lock;
>
> while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
> ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
> ret = ieee80211_vif_use_channel(sdata, &chandef,
> IEEE80211_CHANCTX_SHARED);
> }
> - out:
> + out_lock:
> mutex_unlock(&local->mtx);
> + out_no_lock:
> + kfree(elems);
> return ret;
> }