This is a note to let you know that I've just added the patch titled

    wifi: cfg80211: validate AP phy operation before starting it

to the 6.5-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     wifi-cfg80211-validate-ap-phy-operation-before-start.patch
and it can be found in the queue-6.5 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


commit 748ceee21e02fa09fd1aa27f2d59548583e518e1
Author: Aditya Kumar Singh <quic_adisi@xxxxxxxxxxx>
Date:   Tue Sep 5 12:18:57 2023 +0530

    wifi: cfg80211: validate AP phy operation before starting it

    [ Upstream commit 5112fa502708aaaf80acb78273fc8625f221eb11 ]

    Many regulatories can have HE/EHT Operation as not permitted. In such
    cases, AP should not be allowed to start if it is using a channel
    having the no operation flag set. However, currently there is no such
    check in place.

    Fix this issue by validating such IEs sent during start AP against the
    channel flags.

    Signed-off-by: Aditya Kumar Singh <quic_adisi@xxxxxxxxxxx>
    Reviewed-by: Jeff Johnson <quic_jjohnson@xxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230905064857.1503-1-quic_adisi@xxxxxxxxxxx
    Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 705d1cf048309..3d286f3a60e60 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c 
@@ -5910,6 +5910,21 @@ static void nl80211_send_ap_started(struct wireless_dev *wdev, nlmsg_free(msg); } +static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params) +{ + struct ieee80211_channel *channel = params->chandef.chan; + + if ((params->he_cap || params->he_oper) && + (channel->flags & IEEE80211_CHAN_NO_HE)) + return -EOPNOTSUPP; + + if ((params->eht_cap || params->eht_oper) && + (channel->flags & IEEE80211_CHAN_NO_EHT)) + return -EOPNOTSUPP; + + return 0; +} + static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) { struct cfg80211_registered_device *rdev = info->user_ptr[0]; @@ -6179,6 +6194,10 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) if (err) goto out_unlock; + err = nl80211_validate_ap_phy_operation(params); + if (err) + goto out_unlock; + if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]) params->flags = nla_get_u32( info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
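Review bot: in the first hunk, nl80211_validate_ap_phy_operation() reads channel->flags from params->chandef.chan with no NULL check, so the helper is only safe when the caller has already resolved the chandef. Nothing in the visible lines documents that precondition. A one-line comment above the helper stating that chandef.chan must be set (or an early return when channel is NULL) would keep a future second caller from tripping over it. The params argument is only read here, so it could also be declared const.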
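Review bot: in the second hunk (the call added in nl80211_start_ap()), the failure path returns a bare -EOPNOTSUPP through out_unlock with no extended-ack message, so userspace cannot tell a regulatory HE/EHT rejection apart from any other unsupported start-AP request. Since info is in scope at the call site, consider setting a message there, for example with GENL_SET_ERR_MSG(info, ...), naming which of NO_HE or NO_EHT blocked the start. The check also depends on he_cap, he_oper, eht_cap and eht_oper already being filled in at this point, which the hunk context does not show. It is worth confirming that the call sits after the code that populates them, otherwise the test passes vacuously.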