
Commit ebf348fc authored by Johannes Berg, committed by John W. Linville

cfg80211: validate remain-on-channel time better



The remain-on-channel time validation shouldn't
depend on the value of HZ, as it does now with
the check against jiffies, since then you might
use a value that works on one system but not on
another. Fix it by checking against a minimum
that's fixed.

Also add validation of the wait duration for a
management frame TX since this also translates
into remain-on-channel internally.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
parent ccaf8c32
+2 −0
@@ -1522,6 +1522,8 @@ enum nl80211_attrs {
#define NL80211_MAX_NR_CIPHER_SUITES		5
#define NL80211_MAX_NR_AKM_SUITES		2

#define NL80211_MIN_REMAIN_ON_CHANNEL_TIME	10

/**
 * enum nl80211_iftype - (virtual) interface types
 *
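
Review bot: NL80211_MIN_REMAIN_ON_CHANNEL_TIME is defined with no comment giving its unit or what it bounds, so a reader of this header sees only the bare value 10. The comments added at the two call sites in this commit say "(10ms)", and both compare it against the value read from NL80211_ATTR_DURATION; a one-line comment above the define stating that it is the minimum duration in milliseconds for that attribute would make the limit discoverable from the header itself.
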
+16 −7
@@ -5545,18 +5545,18 @@ static int nl80211_remain_on_channel(struct sk_buff *skb,

	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);

	if (!rdev->ops->remain_on_channel ||
	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
		return -EOPNOTSUPP;

	/*
	 * We should be on that channel for at least one jiffie,
	 * and more than 5 seconds seems excessive.
	 * We should be on that channel for at least a minimum amount of
	 * time (10ms) but no longer than the driver supports.
	 */
	if (!duration || !msecs_to_jiffies(duration) ||
	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
	    duration > rdev->wiphy.max_remain_on_channel_duration)
		return -EINVAL;

	if (!rdev->ops->remain_on_channel ||
	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
		return -EOPNOTSUPP;

	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
	    !nl80211_valid_channel_type(info, &channel_type))
		return -EINVAL;
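
Review bot: the rdev->ops->remain_on_channel / WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL check changes position relative to the duration check in nl80211_remain_on_channel (it appears on both sides of it in this hunk), and the commit message does not mention the move. The order decides whether a device without remain-on-channel support answers an out-of-range duration with -EOPNOTSUPP or with -EINVAL, which matters to any caller that distinguishes the two, so the intended order and the reason for it should be stated in the commit message. The rewritten comment also hard-codes "(10ms)"; naming NL80211_MIN_REMAIN_ON_CHANNEL_TIME there instead would keep the comment correct if the constant is ever changed.
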
@@ -5827,6 +5827,15 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
			return -EINVAL;
		wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);

		/*
		 * We should wait on the channel for at least a minimum amount
		 * of time (10ms) but no longer than the driver supports.
		 */
		if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
		    wait > rdev->wiphy.max_remain_on_channel_duration)
			return -EINVAL;

	}

	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
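
Review bot: the range check on wait in nl80211_tx_mgmt repeats the condition and the comment from nl80211_remain_on_channel almost word for word, so the two bounds can drift apart if one is edited later. A small helper that takes rdev and the duration and returns whether it lies between NL80211_MIN_REMAIN_ON_CHANNEL_TIME and rdev->wiphy.max_remain_on_channel_duration would keep both paths on one definition. The blank line left before the closing brace of this block can also be dropped.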