Commit 7e2f3213 authored by Lachlan Hodges's avatar Lachlan Hodges Committed by Johannes Berg
Browse files

wifi: mac80211: increase scan_ies_len for S1G 



Currently the S1G capability element is not taken into account
for the scan_ies_len, which leads to a buffer length validation
failure in ieee80211_prep_hw_scan() and subsequent WARN in
__ieee80211_start_scan(). This prevents hw scanning from functioning.
To fix ensure we accommodate for the S1G capability length.

Signed-off-by: default avatarLachlan Hodges <lachlan.hodges@morsemicro.com>
Link: https://patch.msgid.link/20250826085437.3493-1-lachlan.hodges@morsemicro.com


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent a33b375a

net/mac80211/main.c

+6 −1
Original line number Diff line number Diff line
@@ -1111,7 +1111,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) 
	int result, i;

	enum nl80211_band band;

	int channels, max_bitrates;

	bool supp_ht, supp_vht, supp_he, supp_eht;

	bool supp_ht, supp_vht, supp_he, supp_eht, supp_s1g;

	struct cfg80211_chan_def dflt_chandef = {};



	if (ieee80211_hw_check(hw, QUEUE_CONTROL) &&
@@ -1227,6 +1227,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) 
	supp_vht = false;

	supp_he = false;

	supp_eht = false;

	supp_s1g = false;

	for (band = 0; band < NUM_NL80211_BANDS; band++) {

		const struct ieee80211_sband_iftype_data *iftd;

		struct ieee80211_supported_band *sband;
@@ -1274,6 +1275,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) 
			max_bitrates = sband->n_bitrates;

		supp_ht = supp_ht || sband->ht_cap.ht_supported;

		supp_vht = supp_vht || sband->vht_cap.vht_supported;

		supp_s1g = supp_s1g || sband->s1g_cap.s1g;



		for_each_sband_iftype_data(sband, i, iftd) {

			u8 he_40_mhz_cap;
@@ -1406,6 +1408,9 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) 
		local->scan_ies_len +=

			2 + sizeof(struct ieee80211_vht_cap);



	if (supp_s1g)

		local->scan_ies_len += 2 + sizeof(struct ieee80211_s1g_cap);



	/*

	 * HE cap element is variable in size - set len to allow max size */

	if (supp_he) {