From: Johannes Berg <[email protected]>
There's a bug in ieee80211_set_unsol_bcast_probe_resp(), it tries
to return BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (which has the value
1<<31) in an int, which makes it negative and considered an error.
Fix this by passing the changed flags to set separately.
Fixes: 3b1c256eb4ae ("wifi: mac80211: fixes in FILS discovery updates")
Signed-off-by: Johannes Berg <[email protected]>
---
net/mac80211/cfg.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 321698012e12..327682995c92 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -5,7 +5,7 @@
* Copyright 2006-2010 Johannes Berg <[email protected]>
* Copyright 2013-2015 Intel Mobile Communications GmbH
* Copyright (C) 2015-2017 Intel Deutschland GmbH
- * Copyright (C) 2018-2022 Intel Corporation
+ * Copyright (C) 2018-2024 Intel Corporation
*/
#include <linux/ieee80211.h>
@@ -987,7 +987,8 @@ static int
ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
struct cfg80211_unsol_bcast_probe_resp *params,
struct ieee80211_link_data *link,
- struct ieee80211_bss_conf *link_conf)
+ struct ieee80211_bss_conf *link_conf,
+ u64 *changed)
{
struct unsol_bcast_probe_resp_data *new, *old = NULL;
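Review bot: The new `u64 *changed` parameter is an accumulate-only out-parameter and the int return now carries status only, but nothing at the signature says so. The bug being fixed came from a flag at bit 31 travelling in a signed return value, so the contract is worth stating above the function, for example `/* Returns 0 or a negative errno; BSS_CHANGED_* bits are OR-ed into *changed, which the caller must have initialised. */`. Any other helper in this file that still hands BSS_CHANGED_* bits back through an int return would hit the same sign problem once it uses a flag at bit 31 or above; that cannot be checked from this hunk. The function body continues outside the hunk.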
@@ -1011,7 +1012,8 @@ ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
RCU_INIT_POINTER(link->u.ap.unsol_bcast_probe_resp, NULL);
}
- return BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
+ *changed |= BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
+ return 0;
}
static int ieee80211_set_ftm_responder_params(
@@ -1450,10 +1452,9 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
err = ieee80211_set_unsol_bcast_probe_resp(sdata,
¶ms->unsol_bcast_probe_resp,
- link, link_conf);
+ link, link_conf, &changed);
if (err < 0)
goto error;
- changed |= err;
err = drv_start_ap(sdata->local, sdata, link_conf);
if (err) {
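Review bot: With the helper now returning only 0 or a negative errno, the `if (err < 0)` test in this hunk would let a positive return pass silently, whereas before the patch it was at least OR-ed into `changed`. Using `if (err)` here, as the drv_start_ap() check just below already does, treats any future non-zero return as a failure; the same applies to the ieee80211_change_beacon() hunk. `changed` is declared outside both hunks, so confirm it is a `u64` in each caller, since `&changed` is now passed as `u64 *`. The `¶ms` on the argument line appears to be a rendering artifact of `&params`.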
@@ -1525,10 +1526,9 @@ static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
err = ieee80211_set_unsol_bcast_probe_resp(sdata,
¶ms->unsol_bcast_probe_resp,
- link, link_conf);
+ link, link_conf, &changed);
if (err < 0)
return err;
- changed |= err;
if (beacon->he_bss_color_valid &&
beacon->he_bss_color.enabled != link_conf->he_bss_color.enabled) {
--
2.43.0
On 1/29/2024 10:57 AM, Johannes Berg wrote:
> From: Johannes Berg <[email protected]>
>
> There's a bug in ieee80211_set_unsol_bcast_probe_resp(), it tries
> to return BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (which has the value
> 1<<31) in an int, which makes it negative and considered an error.
> Fix this by passing the changed flags to set separately.
>
> Fixes: 3b1c256eb4ae ("wifi: mac80211: fixes in FILS discovery updates")
> Signed-off-by: Johannes Berg <[email protected]>
Reviewed-by: Jeff Johnson <[email protected]>
> ---
> net/mac80211/cfg.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
> index 321698012e12..327682995c92 100644
> --- a/net/mac80211/cfg.c
> +++ b/net/mac80211/cfg.c
> @@ -5,7 +5,7 @@
> * Copyright 2006-2010 Johannes Berg <[email protected]>
> * Copyright 2013-2015 Intel Mobile Communications GmbH
> * Copyright (C) 2015-2017 Intel Deutschland GmbH
> - * Copyright (C) 2018-2022 Intel Corporation
> + * Copyright (C) 2018-2024 Intel Corporation
> */
>
> #include <linux/ieee80211.h>
> @@ -987,7 +987,8 @@ static int
> ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
> struct cfg80211_unsol_bcast_probe_resp *params,
> struct ieee80211_link_data *link,
> - struct ieee80211_bss_conf *link_conf)
> + struct ieee80211_bss_conf *link_conf,
> + u64 *changed)
> {
> struct unsol_bcast_probe_resp_data *new, *old = NULL;
>
> @@ -1011,7 +1012,8 @@ ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
> RCU_INIT_POINTER(link->u.ap.unsol_bcast_probe_resp, NULL);
> }
>
> - return BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
> + *changed |= BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
> + return 0;
> }
>
> static int ieee80211_set_ftm_responder_params(
> @@ -1450,10 +1452,9 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
>
> err = ieee80211_set_unsol_bcast_probe_resp(sdata,
> ¶ms->unsol_bcast_probe_resp,
> - link, link_conf);
> + link, link_conf, &changed);
> if (err < 0)
> goto error;
> - changed |= err;
>
> err = drv_start_ap(sdata->local, sdata, link_conf);
> if (err) {
> @@ -1525,10 +1526,9 @@ static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
>
> err = ieee80211_set_unsol_bcast_probe_resp(sdata,
> ¶ms->unsol_bcast_probe_resp,
> - link, link_conf);
> + link, link_conf, &changed);
> if (err < 0)
> return err;
> - changed |= err;
>
> if (beacon->he_bss_color_valid &&
> beacon->he_bss_color.enabled != link_conf->he_bss_color.enabled) {