Commit aadb50d1 authored by Arend van Spriel's avatar Arend van Spriel Committed by Kalle Valo

wifi: brcmfmac: avoid NULL-deref in survey dump for 2G only device

When dealing with a device for 2GHz band only the wiphy->bands for
5GHz will be NULL. This would result in a NULL-deref in the
brcmf_cfg80211_dump_survey() function. Rework the code with a
for-loop to make it easier to add another band.

Fixes: 6c04deae ("brcmfmac: Add dump_survey cfg80211 ops for HostApd AutoChannelSelection")
Signed-off-by: default avatarArend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: default avatarKalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230103124117.271988-3-arend.vanspriel@broadcom.com
parent e5d1ab1a
...@@ -7964,6 +7964,7 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev, ...@@ -7964,6 +7964,7 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev,
struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg)); struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
struct brcmf_dump_survey survey = {}; struct brcmf_dump_survey survey = {};
struct ieee80211_supported_band *band; struct ieee80211_supported_band *band;
enum nl80211_band band_id;
struct cca_msrmnt_query req; struct cca_msrmnt_query req;
u32 noise; u32 noise;
int err; int err;
...@@ -7976,21 +7977,23 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev, ...@@ -7976,21 +7977,23 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev,
return -EBUSY; return -EBUSY;
} }
band = wiphy->bands[NL80211_BAND_2GHZ]; for (band_id = 0; band_id < NUM_NL80211_BANDS; band_id++) {
if (band && idx >= band->n_channels) { band = wiphy->bands[band_id];
if (!band)
continue;
if (idx >= band->n_channels) {
idx -= band->n_channels; idx -= band->n_channels;
band = NULL; continue;
} }
if (!band || idx >= band->n_channels) { info->channel = &band->channels[idx];
band = wiphy->bands[NL80211_BAND_5GHZ]; break;
if (idx >= band->n_channels)
return -ENOENT;
} }
if (band_id == NUM_NL80211_BANDS)
return -ENOENT;
/* Setting current channel to the requested channel */ /* Setting current channel to the requested channel */
info->filled = 0; info->filled = 0;
info->channel = &band->channels[idx];
if (cfg80211_set_channel(wiphy, ndev, info->channel, NL80211_CHAN_HT20)) if (cfg80211_set_channel(wiphy, ndev, info->channel, NL80211_CHAN_HT20))
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment