cfg80211: only allow S1G channels on S1G band (c1cd35c6) · Commits · 戴 / test

As discovered by syzbot, cfg80211 was accepting S1G channel widths on non-S1G bands. Add a check for this, and consolidate the 1MHz frequency check as it ends up being a subset of the others. Reported-by:

<syzbot+92715a0eccd6c881bc32@syzkaller.appspotmail.com> Fixes: ("nl80211: support setting S1G channels") Signed-off-by:

Thomas Pedersen <thomas@adapt-ip.com> Link: https://lore.kernel.org/r/20201005165122.17583-1-thomas@adapt-ip.com Signed-off-by:

Johannes Berg <johannes.berg@intel.com>

net/wireless/chan.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -207,7 +207,6 @@ bool cfg80211_chandef_valid(const struct cfg80211_chan_def *chandef)
		control_freq = chandef->chan->center_freq;

		switch (chandef->width) {
		case NL80211_CHAN_WIDTH_1:
		case NL80211_CHAN_WIDTH_5:
		case NL80211_CHAN_WIDTH_10:
		case NL80211_CHAN_WIDTH_20:
		@@ -218,10 +217,14 @@ bool cfg80211_chandef_valid(const struct cfg80211_chan_def *chandef)
		if (chandef->center_freq2)
		return false;
		break;
		case NL80211_CHAN_WIDTH_1:
		case NL80211_CHAN_WIDTH_2:
		case NL80211_CHAN_WIDTH_4:
		case NL80211_CHAN_WIDTH_8:
		case NL80211_CHAN_WIDTH_16:
		if (chandef->chan->band != NL80211_BAND_S1GHZ)
		return false;

		control_freq = ieee80211_channel_to_khz(chandef->chan);
		oper_freq = ieee80211_chandef_to_khz(chandef);
		control_width = nl80211_chan_width_to_mhz(

Admin message