* [PATCH] wifi: mac80211: avoid non-S1G AID fallback for S1G assoc
@ 2026-06-12 13:36 Zhao Li
2026-06-12 14:07 ` Lachlan Hodges
2026-06-12 15:24 ` [PATCH v2] " Zhao Li
0 siblings, 2 replies; 3+ messages in thread
From: Zhao Li @ 2026-06-12 13:36 UTC (permalink / raw)
To: Johannes Berg, Lachlan Hodges; +Cc: linux-wireless, linux-kernel
When assoc_data->s1g is set and no AID Response element is present,
falling back to mgmt->u.assoc_resp.aid reads the non-S1G
association-response layout.
Keep the fallback for non-S1G only. If a successful S1G association
response omits the AID Response element, abandon the association
instead of proceeding with AID 0.
Fixes: 2a8a6b7c4cb0 ("wifi: mac80211: handle station association response with S1G")
Assisted-by: Codex:gpt-5.5
Assisted-by: Claude:claude-opus-4.8
Signed-off-by: Zhao Li <enderaoelyther@gmail.com>
---
net/mac80211/mlme.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index b98ddfa3003e1..e86adc0371994 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -6737,8 +6737,12 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
if (elems->aid_resp)
aid = le16_to_cpu(elems->aid_resp->aid);
- else
+ else if (!assoc_data->s1g)
aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
+ else if (status_code == WLAN_STATUS_SUCCESS)
+ goto abandon_assoc;
+ else
+ aid = 0;
/*
* The 5 MSB of the AID field are reserved for a non-S1G STA. For
--
2.50.1 (Apple Git-155)
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] wifi: mac80211: avoid non-S1G AID fallback for S1G assoc
2026-06-12 13:36 [PATCH] wifi: mac80211: avoid non-S1G AID fallback for S1G assoc Zhao Li
@ 2026-06-12 14:07 ` Lachlan Hodges
2026-06-12 15:24 ` [PATCH v2] " Zhao Li
1 sibling, 0 replies; 3+ messages in thread
From: Lachlan Hodges @ 2026-06-12 14:07 UTC (permalink / raw)
To: Zhao Li; +Cc: Johannes Berg, linux-wireless, linux-kernel
On Fri, Jun 12, 2026 at 09:36:50PM +0800, Zhao Li wrote:
> When assoc_data->s1g is set and no AID Response element is present,
> falling back to mgmt->u.assoc_resp.aid reads the non-S1G
> association-response layout.
>
> Keep the fallback for non-S1G only. If a successful S1G association
> response omits the AID Response element, abandon the association
> instead of proceeding with AID 0.
It might be nicer to explcitly state that AIDs distributed by an S1G
AP are done via the AID Response Element as opposed to the
(re)assoc response frame fixed field, so if you have an S1G
assoc response with no AID response it is invalid (In addition to
reading from the non-S1G field etc.).
> if (elems->aid_resp)
> aid = le16_to_cpu(elems->aid_resp->aid);
> - else
> + else if (!assoc_data->s1g)
> aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
> + else if (status_code == WLAN_STATUS_SUCCESS)
> + goto abandon_assoc;
> + else
> + aid = 0;
Those last two branches seem a bit weird, the only way to get there
is if you don't have an AID response element with an S1G connection
which is invalid regardless of what the AP status is so I think you
can just have something like:
if (elems->aid_resp)
aid = le16_to_cpu(elems->aid_resp->aid);
else if (!assoc_data->s1g)
aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
else
goto abandon_assoc;
?
lachlan
^ permalink raw reply [flat|nested] 3+ messages in thread* [PATCH v2] wifi: mac80211: avoid non-S1G AID fallback for S1G assoc
2026-06-12 13:36 [PATCH] wifi: mac80211: avoid non-S1G AID fallback for S1G assoc Zhao Li
2026-06-12 14:07 ` Lachlan Hodges
@ 2026-06-12 15:24 ` Zhao Li
1 sibling, 0 replies; 3+ messages in thread
From: Zhao Li @ 2026-06-12 15:24 UTC (permalink / raw)
To: johannes, lachlan.hodges; +Cc: linux-wireless, linux-kernel
When assoc_data->s1g is set and no AID Response element is present,
falling back to mgmt->u.assoc_resp.aid reads the non-S1G
association-response layout.
Keep the fallback for non-S1G only. If a successful S1G association
response omits the AID Response element, abandon the association
instead of proceeding with AID 0. Initialize aid to 0 for other S1G
responses so the later mask and logging flow keeps a defined value
without reading the non-S1G layout.
Fixes: 2a8a6b7c4cb0 ("wifi: mac80211: handle station association response with S1G")
Assisted-by: Codex:gpt-5.5
Assisted-by: Claude:claude-opus-4.8
Signed-off-by: Zhao Li <enderaoelyther@gmail.com>
---
net/mac80211/mlme.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index b98ddfa3003e1..ddd3479f0b403 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -6659,7 +6659,7 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
{
struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
- u16 capab_info, status_code, aid;
+ u16 capab_info, status_code, aid = 0;
struct ieee80211_elems_parse_params parse_params = {
.bss = NULL,
.link_id = -1,
@@ -6737,8 +6737,10 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
if (elems->aid_resp)
aid = le16_to_cpu(elems->aid_resp->aid);
- else
+ else if (!assoc_data->s1g)
aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
+ else if (status_code == WLAN_STATUS_SUCCESS)
+ goto abandon_assoc;
/*
* The 5 MSB of the AID field are reserved for a non-S1G STA. For
--
2.50.1 (Apple Git-155)
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-06-12 15:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-12 13:36 [PATCH] wifi: mac80211: avoid non-S1G AID fallback for S1G assoc Zhao Li
2026-06-12 14:07 ` Lachlan Hodges
2026-06-12 15:24 ` [PATCH v2] " Zhao Li
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox