From: Thomas Pedersen Date: Mon, 5 Oct 2020 16:51:22 +0000 (-0700) Subject: cfg80211: only allow S1G channels on S1G band X-Git-Tag: v5.10-rc1~107^2~32^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c1cd35c6060140cebf85f43f8c702abef9eca997;p=thirdparty%2Flinux.git cfg80211: only allow S1G channels on S1G band As discovered by syzbot, cfg80211 was accepting S1G channel widths on non-S1G bands. Add a check for this, and consolidate the 1MHz frequency check as it ends up being a subset of the others. Reported-by: syzbot+92715a0eccd6c881bc32@syzkaller.appspotmail.com Fixes: 11b34737b18a ("nl80211: support setting S1G channels") Signed-off-by: Thomas Pedersen Link: https://lore.kernel.org/r/20201005165122.17583-1-thomas@adapt-ip.com Signed-off-by: Johannes Berg --- diff --git a/net/wireless/chan.c b/net/wireless/chan.c index 96e24ee4c7e8c..22d1779ab2b1b 100644 --- a/net/wireless/chan.c +++ b/net/wireless/chan.c @@ -207,7 +207,6 @@ bool cfg80211_chandef_valid(const struct cfg80211_chan_def *chandef) control_freq = chandef->chan->center_freq; switch (chandef->width) { - case NL80211_CHAN_WIDTH_1: case NL80211_CHAN_WIDTH_5: case NL80211_CHAN_WIDTH_10: case NL80211_CHAN_WIDTH_20: @@ -218,10 +217,14 @@ bool cfg80211_chandef_valid(const struct cfg80211_chan_def *chandef) if (chandef->center_freq2) return false; break; + case NL80211_CHAN_WIDTH_1: case NL80211_CHAN_WIDTH_2: case NL80211_CHAN_WIDTH_4: case NL80211_CHAN_WIDTH_8: case NL80211_CHAN_WIDTH_16: + if (chandef->chan->band != NL80211_BAND_S1GHZ) + return false; + control_freq = ieee80211_channel_to_khz(chandef->chan); oper_freq = ieee80211_chandef_to_khz(chandef); control_width = nl80211_chan_width_to_mhz(
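Review bot: Removing `case NL80211_CHAN_WIDTH_1:` from the 5/10/20 MHz case list in the first hunk means a 1 MHz chandef no longer reaches that group's checks, including the `if (chandef->center_freq2) return false;` test visible as context in the next hunk. The commit message says the 1 MHz check is a subset of the S1G ones, but the visible part of the S1G branch does not show center_freq2 being rejected. Please confirm the S1G path still refuses a non-zero center_freq2 for 1 MHz, or add that test there, and note the equivalence in a short comment.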
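Review bot: The new `if (chandef->chan->band != NL80211_BAND_S1GHZ) return false;` at the top of the S1G width cases in the second hunk covers only one direction of the mismatch, S1G widths on a non-S1G band. The visible lines add no matching test to the 5/10/20 MHz group, so a non-S1G width on an S1G-band channel is not rejected by this change. Consider whether that group needs the inverse band check, or state in the commit message why it does not. A one-line comment above the band check naming the syzbot-reported width/band mismatch would also help future readers.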