From: Mohan Kumar G Date: Fri, 6 Dec 2024 06:14:05 +0000 (+0530) Subject: AP MLD: Fix radar event processing X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=338e79b6f8d452a638da5d746a3fae0f5b5b5bd0;p=thirdparty%2Fhostap.git AP MLD: Fix radar event processing When a radar event is received in an AP MLD operating on a DFS channel, nl80211_radar_event() iterates over all the BSSs available in drv to find a link matching the frequency of the event. If a link match is found, the radar handler function tries to switch to a new channel with the same bandwidth. In case no valid channels are available it disables and re-enables the interface, reallocating the drv BSSs. However, the loop in nl80211_radar_event() function continues to access the old deallocated BSSs' address in the next iteration, causing a crash. Since the radar handler function handles the event for all BSSs in an interface, there is no need to call it again once a link match is found. Hence, fix this issue by exiting the loop after calling the handler if a link match is found for the radar event. Also, since the loop already checks all the BSSs, remove the handler present before the loop. Fixes: bfc89d757b72 ("nl80211: Handle radar event properly during MLO") Signed-off-by: Mohan Kumar G --- diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index e50a81483..f04ac64a1 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -2596,19 +2596,6 @@ static void nl80211_radar_event(struct i802_bss *bss, struct nlattr **tb) if (tb[NL80211_ATTR_CENTER_FREQ2]) data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); - /* Find a link match based on the frequency. If NL80211_DRV_LINK_ID_NA - * is returned, either a match was not found or the BSS could be - * operating as a non-MLO. */ - data.dfs_event.link_id = nl80211_get_link_id_by_freq( - bss, data.dfs_event.freq); - if (data.dfs_event.link_id == NL80211_DRV_LINK_ID_NA) { - /* For non-MLO operation, frequency should still match */ - if (!bss->valid_links && - bss->links[0].freq == data.dfs_event.freq) - return nl80211_process_radar_event(bss, &data, - event_type); - } - wpa_printf(MSG_DEBUG, "nl80211: Checking suitable BSS for the DFS event"); @@ -2616,8 +2603,16 @@ static void nl80211_radar_event(struct i802_bss *bss, struct nlattr **tb) * with NL80211_RADAR_NOP_FINISHED and NL80211_RADAR_PRE_CAC_EXPIRED. * Hence need to check on all BSSs. */ for (bss_iter = drv->first_bss; bss_iter; bss_iter = bss_iter->next) { + /* Find a link match based on the frequency. If + * NL80211_DRV_LINK_ID_NA is returned, either a match was not + * found or the BSS could be operating as a non-MLO. */ data.dfs_event.link_id = nl80211_get_link_id_by_freq( bss_iter, data.dfs_event.freq); + /* If a link match is found, exit the loop after the handler is + * called */ + if (data.dfs_event.link_id != NL80211_DRV_LINK_ID_NA) + return nl80211_process_radar_event(bss_iter, &data, + event_type); if (data.dfs_event.link_id == NL80211_DRV_LINK_ID_NA) { /* For non-MLO operation, frequency should still match */