wifi: cfg80211: check extended MLD capa/ops in assoc

Check that additionally extended MLD capa/ops for the MLD is
consistent, i.e. the same value is reported by all affiliated
APs/links.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20250101070249.e29f42c7ae21.Ib2cdce608321ad154e4b13103cc315c3e3cb6b2b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 05dedc45505ce191daa4083d61318fdaceb01aca..9c0e2617fe8f03e8241aa24cb416a74d36d0ae26 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -4961,6 +4961,7 @@ struct ieee80211_multi_link_elem {
 #define IEEE80211_MLC_BASIC_PRES_EML_CAPA              0x0080
 #define IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP           0x0100
 #define IEEE80211_MLC_BASIC_PRES_MLD_ID                        0x0200
+#define IEEE80211_MLC_BASIC_PRES_EXT_MLD_CAPA_OP       0x0400
 
 #define IEEE80211_MED_SYNC_DELAY_DURATION              0x00ff
 #define IEEE80211_MED_SYNC_DELAY_SYNC_OFDM_ED_THRESH   0x0f00
@@ -5226,6 +5227,47 @@ static inline u16 ieee80211_mle_get_mld_capa_op(const u8 *data)
        return get_unaligned_le16(common);
 }
 
+/**
+ * ieee80211_mle_get_ext_mld_capa_op - returns the extended MLD capabilities
+ *     and operations.
+ * @data: pointer to the multi-link element
+ * Return: the extended MLD capabilities and operations field value from
+ *     the multi-link element, or 0 if not present
+ *
+ * The element is assumed to be of the correct type (BASIC) and big enough,
+ * this must be checked using ieee80211_mle_type_ok().
+ */
+static inline u16 ieee80211_mle_get_ext_mld_capa_op(const u8 *data)
+{
+       const struct ieee80211_multi_link_elem *mle = (const void *)data;
+       u16 control = le16_to_cpu(mle->control);
+       const u8 *common = mle->variable;
+
+       /*
+        * common points now at the beginning of
+        * ieee80211_mle_basic_common_info
+        */
+       common += sizeof(struct ieee80211_mle_basic_common_info);
+
+       if (!(control & IEEE80211_MLC_BASIC_PRES_EXT_MLD_CAPA_OP))
+               return 0;
+
+       if (control & IEEE80211_MLC_BASIC_PRES_LINK_ID)
+               common += 1;
+       if (control & IEEE80211_MLC_BASIC_PRES_BSS_PARAM_CH_CNT)
+               common += 1;
+       if (control & IEEE80211_MLC_BASIC_PRES_MED_SYNC_DELAY)
+               common += 2;
+       if (control & IEEE80211_MLC_BASIC_PRES_EML_CAPA)
+               common += 2;
+       if (control & IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP)
+               common += 2;
+       if (control & IEEE80211_MLC_BASIC_PRES_MLD_ID)
+               common += 1;
+
+       return get_unaligned_le16(common);
+}
+
 /**
  * ieee80211_mle_get_mld_id - returns the MLD ID
  * @data: pointer to the multi-link element
@@ -5298,6 +5340,8 @@ static inline bool ieee80211_mle_size_ok(const u8 *data, size_t len)
                        common += 2;
                if (control & IEEE80211_MLC_BASIC_PRES_MLD_ID)
                        common += 1;
+               if (control & IEEE80211_MLC_BASIC_PRES_EXT_MLD_CAPA_OP)
+                       common += 2;
                break;
        case IEEE80211_ML_CONTROL_TYPE_PREQ:
                common += sizeof(struct ieee80211_mle_preq_common_info);

diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 9d577523462d5a2b8eab1c8bec4007a3dfc839b3..5c09bf4cdc2e36e38b4be59d8f985973f05f53af 100644 (file)
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -352,6 +352,13 @@ cfg80211_mlme_check_mlo_compat(const struct ieee80211_multi_link_elem *mle_a,
                return -EINVAL;
        }
 
+       if (ieee80211_mle_get_ext_mld_capa_op((const u8 *)mle_a) !=
+           ieee80211_mle_get_ext_mld_capa_op((const u8 *)mle_b)) {
+               NL_SET_ERR_MSG(extack,
+                              "extended link MLD capabilities/ops mismatch");
+               return -EINVAL;
+       }
+
        return 0;
 }