wifi: mac80211: fix AP chandef capturing in CSA

Message ID 20240709160851.47805f24624d.I024091f701447f7921e93bb23b46e01c2f46347d@changeid
State New

Commit Message

Johannes Berg July 9, 2024, 2:08 p.m. UTC
From: Johannes Berg <johannes.berg@intel.com>

When the CSA is announced with only HT elements, the AP
chandef isn't captured correctly, leading to crashes in
the later code that checks for TPE changes during CSA.

Capture the AP chandef correctly in both cases to fix
this.

Reported-by: Jouni Malinen <j@w1.fi>
Fixes: 4540568136fe ("wifi: mac80211: handle TPE element during CSA")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/mac80211/spectmgmt.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Patch

diff --git a/net/mac80211/spectmgmt.c b/net/mac80211/spectmgmt.c
index e91ca4ccdd37..073ff9e0f397 100644
--- a/net/mac80211/spectmgmt.c
+++ b/net/mac80211/spectmgmt.c
@@ -343,6 +343,9 @@  int ieee80211_parse_ch_switch_ie(struct ieee80211_sub_if_data *sdata,
 		break;
 	}
 
+	/* capture the AP configuration */
+	csa_ie->chanreq.ap = csa_ie->chanreq.oper;
+
 	/* parse one of the Elements to build a new chandef */
 	memset(&new_chandef, 0, sizeof(new_chandef));
 	new_chandef.chan = new_chan;
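
Review bot: The comment `/* capture the AP configuration */` above `csa_ie->chanreq.ap = csa_ie->chanreq.oper;` does not say that this is a default which the second assignment to `chanreq.ap` further down may overwrite, so a reader looking only at this spot cannot tell which of the two writes is authoritative. Consider wording it as a fallback, for example "default the AP chandef to the operating chandef; overridden below when a chandef is parsed from the elements". Since the copy now depends on `csa_ie->chanreq.oper`, it is also worth confirming that `oper` is fully populated on every path that leaves the preceding switch through `break`.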
@@ -369,11 +372,11 @@  int ieee80211_parse_ch_switch_ie(struct ieee80211_sub_if_data *sdata,
 		validate_chandef_by_ht_vht_oper(sdata, conn, vht_cap_info,
 						&new_chandef);
 
-	/* capture the AP chandef before (potential) downgrading */
-	csa_ie->chanreq.ap = new_chandef;
-
 	/* if data is there validate the bandwidth & use it */
 	if (new_chandef.chan) {
+		/* capture the AP chandef before (potential) downgrading */
+		csa_ie->chanreq.ap = new_chandef;
+
 		if (conn->bw_limit < IEEE80211_CONN_BW_LIMIT_320 &&
 		    new_chandef.width == NL80211_CHAN_WIDTH_320)
 			ieee80211_chandef_downgrade(&new_chandef, NULL);
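
Review bot: Inside `if (new_chandef.chan)`, the moved `csa_ie->chanreq.ap = new_chandef;` changes what callers see when `new_chandef.chan` is NULL: before, `chanreq.ap` was unconditionally overwritten and could carry a NULL channel, now it keeps the value copied from `chanreq.oper` earlier in the function. Please check that no consumer of `csa_ie->chanreq.ap` treated a NULL `ap.chan` as the "nothing parsed" signal, and consider noting in the comment here that the path where the condition is false relies on the earlier default, so the two assignments are not separated by a later refactor.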