git: 5c16917bac65 - stable/14 - net80211: in ieee80211_sta_join() only do_ht if HT is avail

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Bjoern A. Zeeb <bz_at_FreeBSD.org>
Date: Sun, 13 Jul 2025 19:31:03 UTC
The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=5c16917bac65f6d44ec8208861ace61835d38825

commit 5c16917bac65f6d44ec8208861ace61835d38825
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-06-18 21:58:20 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-07-13 19:25:02 +0000

    net80211: in ieee80211_sta_join() only do_ht if HT is avail
    
    In ieee80211_sta_join() there are currently two ways to set
    "do_ht": (1) after checking HT IEs are avail, and (2) after
    checking VHT IEs are avail and we are not on 2GHz.
    
    In the latter case no one checks that HT IEs are available and
    when we hit ieee80211_ht_updateparams_final() htinfo may be NULL
    and we panic.
    
    Avoid this by only checking for VHT if do_ht was set.
    No VHT without HT IEs.
    
    While here switch do_ht to be a bool.
    
    Sponsored by:   The FreeBSD Foundation
    PR:             287625
    Fixes:          51172f62a753f
    Reviewed by:    adrian
    Differential Revision: https://reviews.freebsd.org/D50923
    
    (cherry picked from commit f51c794cbc80682931d47264e3c18329bae0a2c1)
---
 sys/net80211/ieee80211_node.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sys/net80211/ieee80211_node.c b/sys/net80211/ieee80211_node.c
index ae22dc036bb6..288f25ec9681 100644
--- a/sys/net80211/ieee80211_node.c
+++ b/sys/net80211/ieee80211_node.c
@@ -939,7 +939,7 @@ ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan,
 {
 	struct ieee80211com *ic = vap->iv_ic;
 	struct ieee80211_node *ni;
-	int do_ht = 0;
+	bool do_ht;
 
 	ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr,
 	    __func__, __LINE__);
@@ -1015,6 +1015,7 @@ ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan,
 	 * association request/response, the only appropriate place
 	 * to setup the HT state is here.
 	 */
+	do_ht = false;
 	if (ni->ni_ies.htinfo_ie != NULL &&
 	    ni->ni_ies.htcap_ie != NULL &&
 	    vap->iv_flags_ht & IEEE80211_FHT_HT) {
@@ -1022,7 +1023,7 @@ ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan,
 		ieee80211_ht_updateparams(ni,
 		    ni->ni_ies.htcap_ie,
 		    ni->ni_ies.htinfo_ie);
-		do_ht = 1;
+		do_ht = true;
 	}
 
 	/*
@@ -1031,7 +1032,7 @@ ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan,
 	 *
 	 * For now, don't allow 2GHz VHT operation.
 	 */
-	if (ni->ni_ies.vhtopmode_ie != NULL &&
+	if (do_ht && ni->ni_ies.vhtopmode_ie != NULL &&
 	    ni->ni_ies.vhtcap_ie != NULL &&
 	    vap->iv_vht_flags & IEEE80211_FVHT_VHT) {
 		if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {