On 1/19/2024 7:12 AM, Lin Ma wrote:
> Our detector has identified another case of an incomplete policy.
> Specifically, the commit df78a0c0b67d ("nl80211: S1G band and channel
> definitions") introduced the NL80211_BAND_S1GHZ attribute to
> nl80211_band, but it neglected to update the
> nl80211_match_band_rssi_policy accordingly.
>
> Similar commits that add new band types, such as the initial
> commit 1e1b11b6a111 ("nl80211/cfg80211: Specify band specific min RSSI
> thresholds with sched scan"), the commit e548a1c36b11 ("cfg80211: add 6GHz
> in code handling array with NUM_NL80211_BANDS entries"), and the
> commit 63fa04266629 ("nl80211: Add LC placeholder band definition to
> nl80211_band"), all require updates to the policy.
> Failure to do so could result in accessing an attribute of unexpected
> length in the function nl80211_parse_sched_scan_per_band_rssi.
>
> To resolve this issue, this commit adds the policy for the
> NL80211_BAND_S1GHZ attribute.
>
> Fixes: df78a0c0b67d ("nl80211: S1G band and channel definitions")
> Signed-off-by: Lin Ma <linma@xxxxxxxxxx>
> --- > V1 -> V2: change net-next to wireless as suggested > > net/wireless/nl80211.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c > index 60877b532993..980300621a60 100644 > --- a/net/wireless/nl80211.c > +++ b/net/wireless/nl80211.c
> @@ -911,6 +911,7 @@ nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = { > [NL80211_BAND_5GHZ] = { .type = NLA_S32 }, > [NL80211_BAND_6GHZ] = { .type = NLA_S32 }, > [NL80211_BAND_60GHZ] = { .type = NLA_S32 }, > + [NL80211_BAND_S1GHZ] = { .type = NLA_S32 }, > [NL80211_BAND_LC] = { .type = NLA_S32 }, > }; >

Something is really suspicious, since the NL80211_BAND_* enums are *value* enums, not attribute ID enums, and hence they should never be used in an nla_policy.

What is actually using these as attribute IDs, noting that NL80211_BAND_2GHZ == 0 and hence cannot be used as an attribute ID?

Seems the logic that introduced this policy needs to be revisited.
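
Review bot: nothing at the `nl80211_match_band_rssi_policy[NUM_NL80211_BANDS]` initializer stops the next band from being missed the same way as `NL80211_BAND_S1GHZ`: any index left out of a designated initializer is zero-filled, so it silently ends up without the `NLA_S32` type that every listed entry carries, and the commit message already lists several earlier commits that needed this same manual update. Since all entries are identical, consider a comment on the table tying it to `enum nl80211_band`, or a check that every index below `NUM_NL80211_BANDS` is populated. The commit message should also name the parse call that indexes this policy by band, because the visible entries are keyed by band values rather than by attribute IDs.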