Commit fe2d61a5 authored by Johannes Berg's avatar Johannes Berg
Browse files

wifi: mac80211: fix multi-link element inheritance 



When parsing a beacon, mac80211 erroneously inherits any
reconfiguration or EPCS multi-link elements from the outer
elements into the multi-BSSID profile that's requested, if
connected to a non-transmitted BSS, unless that profile
has a non-inheritance element.

This also happens if parsing a multi-BSSID profile that
doesn't have a non-inheritance element.

Fix this by having an empty non-inheritance element so
cfg80211_is_element_inherited() is invoked in these cases
and causes the parser to skip the elements that should
never be inherited.

Fixes: cf36cdef ("wifi: mac80211: Add support for parsing Reconfiguration Multi Link element")
Fixes: 24711d60 ("wifi: mac80211: Support parsing EPCS ML element")
Reviewed-by: default avatarIlan Peer <ilan.peer@intel.com>
Reviewed-by: default avatarBenjamin Berg <benjamin.berg@intel.com>
Link: https://patch.msgid.link/20260508091032.92184c0a3f08.I3c43b0b63d2cef8a4ddddaef1c2faaeb1de711ad@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent a74e893f

net/mac80211/parse.c

+33 −3
Original line number Diff line number Diff line
@@ -34,6 +34,15 @@ 
#include "led.h"

#include "wep.h"



static const u8 empty_non_inheritance[] = {

	WLAN_EID_EXTENSION, 1, WLAN_EID_EXT_NON_INHERITANCE,

	/*

	 * cfg80211_is_element_inherited() hardcodes elements that

	 * cannot be inherited, so we just need an empty one to be

	 * calling it at all.

	 */

};



struct ieee80211_elem_defrag {

	const struct element *elem;

	/* container start/len */
@@ -923,7 +932,7 @@ ieee80211_prep_mle_link_parse(struct ieee80211_elems_parse *elems_parse, 
{

	struct ieee802_11_elems *elems = &elems_parse->elems;

	struct ieee80211_mle_per_sta_profile *prof;

	const struct element *tmp;

	const struct element *tmp, *ret;

	ssize_t ml_len;

	const u8 *end;
@@ -993,8 +1002,17 @@ ieee80211_prep_mle_link_parse(struct ieee80211_elems_parse *elems_parse, 
	sub->from_ap = params->from_ap;

	sub->link_id = -1;



	return cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,

	ret = cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,

				     sub->start, sub->len);

	if (ret)

		return ret;



	/*

	 * Since we know we want and found a profile, apply an empty

	 * non-inheritance if the profile didn't have one, so that any

	 * element that shouldn't be inherited by spec isn't.

	 */

	return (const void *)empty_non_inheritance;

}



static const void *
@@ -1030,6 +1048,7 @@ ieee802_11_parse_elems_full(struct ieee80211_elems_parse_params *params) 
	size_t scratch_len = 3 * params->len;

	bool multi_link_inner = false;



	BUILD_BUG_ON(sizeof(empty_non_inheritance) != empty_non_inheritance[1] + 2);

	BUILD_BUG_ON(offsetof(typeof(*elems_parse), elems) != 0);



	/* cannot parse for both a specific link and non-transmitted BSS */
@@ -1077,6 +1096,17 @@ ieee802_11_parse_elems_full(struct ieee80211_elems_parse_params *params) 


		non_inherit = cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,

						     sub.start, nontx_len);

		/*

		 * If it's a non-transmitted BSS, we shouldn't pick

		 * any elements in the outer parsing that shouldn't

		 * be inherited. If the profile has a non-inheritance

		 * element this automatically happens, but if not then

		 * provide an empty one so that the hard-coded elements

		 * in cfg80211_is_element_inherited() are ignored, but

		 * it must be called.

		 */

		if (params->bss->transmitted_bss && !non_inherit)

			non_inherit = (const void *)empty_non_inheritance;

	} else {

		/* must always parse to get elems_parse->ml_basic_elem */

		non_inherit = ieee80211_prep_mle_link_parse(elems_parse, params,