diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2025-07-18 10:32:36 +0200 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2025-07-18 14:07:35 +0200 |
| commit | 765e98e918ebe0685abbd47994ecc9354163ba24 (patch) | |
| tree | edced9850c04c5937bc19481cc669ab8ca63c871 | |
| parent | 18b3246dbf63a15a5c75a0ed82af03e28918980a (diff) | |
wifi: cfg80211/mac80211: remove wrong scan request n_channels
This (partially) reverts commits
- 838c7b8f1f27 ("wifi: nl80211: Avoid address calculations via out of bounds array indexing")
- f1d3334d604c ("wifi: cfg80211: sme: init n_channels before channels[] access")
- 82bbe02b2500 ("wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request")
These commits all set the structure to be in an inconsistent
state, setting n_channels to some value before them actually
being filled in. That's fine for what the code does now, but
with the removal of __counted_by() in 444020f4bf06 ("wifi:
cfg80211: remove scan request n_channels counted_by") it's no
longer needed and it does leave a bit of a landmine there
since breaking out of some code to send the scan or something
would leave it wrong.
Remove the now superfluous n_channels settings.
Link: https://patch.msgid.link/20250718103237.59510b2384c5.Ied5ba9c5c49efc008f4491c8ca7a45858a83f064@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| -rw-r--r-- | net/mac80211/main.c | 1 | ||||
| -rw-r--r-- | net/wireless/nl80211.c | 1 | ||||
| -rw-r--r-- | net/wireless/sme.c | 1 |
3 files changed, 0 insertions, 3 deletions
diff --git a/net/mac80211/main.c b/net/mac80211/main.c index ec60b82af007..351564360c26 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -1334,7 +1334,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) GFP_KERNEL); if (!local->int_scan_req) return -ENOMEM; - local->int_scan_req->n_channels = channels; eth_broadcast_addr(local->int_scan_req->bssid); diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 63f015ce9ad4..20bc0f052c16 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -9975,7 +9975,6 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) request = kzalloc(size, GFP_KERNEL); if (!request) return -ENOMEM; - request->req.n_channels = n_channels; if (n_ssids) request->req.ssids = (void *)request + ssids_offset; diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 6d7a7e7f0fc2..826ec0a6355f 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -83,7 +83,6 @@ static int cfg80211_conn_scan(struct wireless_dev *wdev) if (!request) return -ENOMEM; - request->req.n_channels = n_channels; if (wdev->conn->params.channel) { enum nl80211_band band = wdev->conn->params.channel->band; struct ieee80211_supported_band *sband = |