wifi: mac80211: fix multi-link element inheritance

author Johannes Berg <johannes.berg@intel.com>

Fri, 8 May 2026 07:10:32 +0000 (09:10 +0200)

committer Johannes Berg <johannes.berg@intel.com>

Wed, 20 May 2026 09:19:53 +0000 (11:19 +0200)
author Johannes Berg <johannes.berg@intel.com>
Fri, 8 May 2026 07:10:32 +0000 (09:10 +0200)
committer Johannes Berg <johannes.berg@intel.com>
Wed, 20 May 2026 09:19:53 +0000 (11:19 +0200)
diff --git a/net/mac80211/parse.c b/net/mac80211/parse.c

index 666cdd5fd0ea5b51165a3f7886e9d368393ee40c..77894d997113596f243c7a49e56c1eed89cf3aa1 100644 (file)
--- a/net/mac80211/parse.c
+++ b/net/mac80211/parse.c
@@ -34,6 +34,15 @@
  #include "led.h"
  #include "wep.h"
  
+static const u8 empty_non_inheritance[] = {
+       WLAN_EID_EXTENSION, 1, WLAN_EID_EXT_NON_INHERITANCE,
+       /*
+        * cfg80211_is_element_inherited() hardcodes elements that
+        * cannot be inherited, so we just need an empty one to be
+        * calling it at all.
+        */
+};
+
  struct ieee80211_elem_defrag {
         const struct element *elem;
         /* container start/len */
@@ -923,7 +932,7 @@ ieee80211_prep_mle_link_parse(struct ieee80211_elems_parse *elems_parse,
  {
         struct ieee802_11_elems *elems = &elems_parse->elems;
         struct ieee80211_mle_per_sta_profile *prof;
-       const struct element *tmp;
+       const struct element *tmp, *ret;
         ssize_t ml_len;
         const u8 *end;
  
@@ -993,8 +1002,17 @@ ieee80211_prep_mle_link_parse(struct ieee80211_elems_parse *elems_parse,
         sub->from_ap = params->from_ap;
         sub->link_id = -1;
  
-       return cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
-                                     sub->start, sub->len);
+       ret = cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
+                                    sub->start, sub->len);
+       if (ret)
+               return ret;
+
+       /*
+        * Since we know we want and found a profile, apply an empty
+        * non-inheritance if the profile didn't have one, so that any
+        * element that shouldn't be inherited by spec isn't.
+        */
+       return (const void *)empty_non_inheritance;
  }
  
  static const void *
@@ -1030,6 +1048,7 @@ ieee802_11_parse_elems_full(struct ieee80211_elems_parse_params *params)
         size_t scratch_len = 3 * params->len;
         bool multi_link_inner = false;
  
+       BUILD_BUG_ON(sizeof(empty_non_inheritance) != empty_non_inheritance[1] + 2);
         BUILD_BUG_ON(offsetof(typeof(*elems_parse), elems) != 0);
  
         /* cannot parse for both a specific link and non-transmitted BSS */
@@ -1077,6 +1096,17 @@ ieee802_11_parse_elems_full(struct ieee80211_elems_parse_params *params)
  
                 non_inherit = cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
                                                      sub.start, nontx_len);
+               /*
+                * If it's a non-transmitted BSS, we shouldn't pick
+                * any elements in the outer parsing that shouldn't
+                * be inherited. If the profile has a non-inheritance
+                * element this automatically happens, but if not then
+                * provide an empty one so that the hard-coded elements
+                * in cfg80211_is_element_inherited() are ignored, but
+                * it must be called.
+                */
+               if (params->bss->transmitted_bss && !non_inherit)
+                       non_inherit = (const void *)empty_non_inheritance;
         } else {
                 /* must always parse to get elems_parse->ml_basic_elem */
                 non_inherit = ieee80211_prep_mle_link_parse(elems_parse, params,
author	Johannes Berg <johannes.berg@intel.com>
	Fri, 8 May 2026 07:10:32 +0000 (09:10 +0200)
committer	Johannes Berg <johannes.berg@intel.com>
	Wed, 20 May 2026 09:19:53 +0000 (11:19 +0200)