cfg80211: only allow S1G channels on S1G band

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

As discovered by syzbot, cfg80211 was accepting S1G
channel widths on non-S1G bands. Add a check for this, and
consolidate the 1MHz frequency check as it ends up being a
subset of the others.

Reported-by: syzbot+92715a0eccd6c881bc32@syzkaller.appspotmail.com
Fixes: 11b34737b18a ("nl80211: support setting S1G channels")
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Link: https://lore.kernel.org/r/20201005165122.17583-1-thomas@adapt-ip.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

authored by

Thomas Pedersen and committed by

Johannes Berg 5 years ago c1cd35c6 12bf8fad

+4 -1

1 changed file

expand all

net

wireless

chan.c

+4 -1

net/wireless/chan.c

··· 207 207 control_freq = chandef->chan->center_freq; 208 208 209 209 switch (chandef->width) { 210 - case NL80211_CHAN_WIDTH_1: 211 210 case NL80211_CHAN_WIDTH_5: 212 211 case NL80211_CHAN_WIDTH_10: 213 212 case NL80211_CHAN_WIDTH_20: ··· 217 218 if (chandef->center_freq2) 218 219 return false; 219 220 break; 221 + case NL80211_CHAN_WIDTH_1: 220 222 case NL80211_CHAN_WIDTH_2: 221 223 case NL80211_CHAN_WIDTH_4: 222 224 case NL80211_CHAN_WIDTH_8: 223 225 case NL80211_CHAN_WIDTH_16: 226 + if (chandef->chan->band != NL80211_BAND_S1GHZ) 227 + return false; 228 + 224 229 control_freq = ieee80211_channel_to_khz(chandef->chan); 225 230 oper_freq = ieee80211_chandef_to_khz(chandef); 226 231 control_width = nl80211_chan_width_to_mhz(