blob: e1b72225d10fc42347976f116a37b694cfb44143 [file] [log] [blame]
From 7bcc3077bb37c17a439785637d8d752516adcf02 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Wed, 25 Mar 2020 09:05:32 +0100
Subject: [PATCH] nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type
commit 0016d3201753b59f3ae84b868fe66c86ad256f19 upstream.
The new opmode notification used this attribute with a u8, when
it's documented as a u32 and indeed used in userspace as such,
it just happens to work on little-endian systems since userspace
isn't doing any strict size validation, and the u8 goes into the
lower byte. Fix this.
Cc: stable@vger.kernel.org
Fixes: 466b9936bf93 ("cfg80211: Add support to notify station's opmode change to userspace")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200325090531.be124f0a11c7.Iedbf4e197a85471ebd729b186d5365c0343bf7a8@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 3d735a79b60a..07f97226f971 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -16176,7 +16176,7 @@ void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
goto nla_put_failure;
if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
- nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
+ nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
goto nla_put_failure;
if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
--
2.7.4