git.kernel.dk Git - linux-block.git/commit

author	Lachlan Hodges <lachlan.hodges@morsemicro.com>
	Tue, 3 Jun 2025 05:35:38 +0000 (15:35 +1000)
committer	Johannes Berg <johannes.berg@intel.com>
	Thu, 5 Jun 2025 09:32:16 +0000 (11:32 +0200)
commit	1e1f706fc2ce90eaaf3480b3d5f27885960d751c
tree	5775ccb7969b2684280857d242b3fdaf22fd1c13	tree
parent	1b98f357dadd6ea613a435fbaef1a5dd7b35fd21	commit \| diff

wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements

S1G beacons are not traditional beacons but a type of extension frame.
Extension frames contain the frame control and duration fields, followed
by zero or more optional fields before the frame body. These optional
fields are distinct from the variable length elements.

The presence of optional fields is indicated in the frame control field.
To correctly locate the elements offset, the frame control must be parsed
to identify which optional fields are present. Currently, mac80211 parses
S1G beacons based on fixed assumptions about the frame layout, without
inspecting the frame control field. This can result in incorrect offsets
to the "variable" portion of the frame.

Properly parse S1G beacon frames by using the field lengths defined in
IEEE 802.11-2024, section 9.3.4.3, ensuring that the elements offset is
calculated accurately.

Fixes: 9eaffe5078ca ("cfg80211: convert S1G beacon to scan results")
Fixes: cd418ba63f0c ("mac80211: convert S1G beacon to scan results")
Signed-off-by: Lachlan Hodges <lachlan.hodges@morsemicro.com>
Link: https://patch.msgid.link/20250603053538.468562-1-lachlan.hodges@morsemicro.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

include/linux/ieee80211.h		diff \| blob \| blame \| history
net/mac80211/mlme.c		diff \| blob \| blame \| history
net/mac80211/scan.c		diff \| blob \| blame \| history
net/wireless/scan.c		diff \| blob \| blame \| history