From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CABF012E1DC for ; Sat, 9 May 2026 00:46:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.45 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778287608; cv=none; b=OK7qwA3cuXViKO0hlcZSfzp8B8kTED6Rk/LovIMDHSGYwC/h7hoHl6t+3aXa6CYSEOSZJG5xBZeZMJyEuOLkyOU3LlZMupdopE7WxamClROWc9fpX5FTsPx+ZLINwNfFNhCkw4LS8NAX8nG5dKbEbdOEvwVjvnYqZ69RrJjnSdU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778287608; c=relaxed/simple; bh=Qy/C8lPPAxSDdYSX0HVNrhkDW+Sflu2K6O7wQ27lKDE=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=pjPKICg48uHcjhAJSSkgrAp4ooLwx688K9JQVpzsmwjgzXuCCbAmi1LdcSgmrD0dBsTs6KZbgDVsz/m8poGE0yXkuewdjlZXCaHmgiuLCOFDMTGTwG8j1T2c5vHqFks/HD7VRUyboAKSiTw55V+SRgDVBGgM11ET+sufi4iqEas= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=YFRODFRv; arc=none smtp.client-ip=209.85.216.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YFRODFRv" Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-365eecc5885so2481532a91.0 for ; Fri, 08 May 2026 17:46:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778287607; x=1778892407; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=m5ayDC9zM93PcmzZdMOeR4wwyCx+XWYV6FtY/Z5CzfA=; b=YFRODFRvD+ETpiD651mx2nKNTCxLzWs6jsqMUwrxWp+mdj3DasvY5IqYz6c/XM9BNM ZnE/J4IiLIBPNvYFnn7UsrC4f3Ba8/vfP4yx/uIiKcxyuo2/DYOIvlbnvqN4ZSd3d9dm 3Uba8qnIpiWu9UCmZvAYFk+lReL2thqaz0Gdc61w8xcrF6vA6KrIBjkCUeLswH33Orj0 B6u4zUG5vS8JG4XHuzvDa+v11SQbK+LBJstZ0E6WSfJhg281zXPNdSByUEW6VumELFg1 QxXS5l3ssWJGfSbs2lm1j4h0j/eMdkLSIAm6SI1mI+U3cV8D6+s9jiTea08IJ1/N1INq RZGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778287607; x=1778892407; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=m5ayDC9zM93PcmzZdMOeR4wwyCx+XWYV6FtY/Z5CzfA=; b=EtkbgV2SsiEL/AcuvV8yQY+8o/AReBwzYC1tpHcH9+dPCrGl5e1FgXSJVOzQvSLI// yxcXv/6M/DEpyny04onYxtCGWBpjG/W6njZO0nnjw2AF7fiko4mdI6H/tOEzj+HMIaKH GXr0wz8kuWU6BEGbgl9erbw6+wKKNS2V7zzxicT86sEsGcE3s5P834r9TWv4BSWFjwHw wbOsY3sXiOmO3logXgVTwoS9hgoL4kBGJ/bH5pu/lX8RCGgh56t3UD63J59lJlDcsyF/ 5kLELY6/q+P6tCuNwmEj+Hkn4o7dk+ZW/9JYz8lirH+DVd95U6IoGnHz71Zg7kvlPZMQ bsgg== X-Forwarded-Encrypted: i=1; AFNElJ9RtVJW0jDmc9ee74rRNGO6iSA/CQlZrq4mpdukGlT44ExyXc367K70V6W+oPhCpB17htkJsn2xwTMUCLE=@vger.kernel.org X-Gm-Message-State: AOJu0YwmGheMC5+JiNBKSi0ay7r6mxhUFwMcKdrPbn+iQCmrQ509hWuQ lbWV4e0s4aSpppuIpdYJWRsPBwmXPfDLxrmQHdreOmnMAM2ke/yaOL0E X-Gm-Gg: Acq92OH4lvnM0lVW+DP3D4+v/KTej8BdmeWWXOCNadaFfJXIWQL3bV9OoYiXeJVnD/c p6cOou9JKFnxox9jRRk6N95WPzQHXxCqtuowD8xkHHxuihVNw18KmrgV44S7Yo4/nhK0T88uVBW YVrteMkoJe6ckzgvD3zKz+0WG6NQGeqNYyxGNAiWWPTz7YXf+pse6U/9N0CtWGT7cVKbE0qb/oG ceK5uzfl3nlqKJyunH6SVJeq5NBDbFQlDm2JMs4C/13NXwY8scpped9pXpPildq6oPNTG56v5H5 fHUeCARsrB/s+tN0Ce5ZF21WY3oTD0LhkQGkf2SRsXdLTADLTs6+LLyrWoILENKjFVq7m06RPUU IWFWSXjWjXR6sna7WkFBP2GRDHUa9WGLAqi9F5cYG0CLexdfIOkyIwFrwikvWCPeHBI8m2+sLhw FR+h8EsPejKg04ivMjNwYSRraN6kCKS47Ohpnl50keoaHSLfdb3nJJvKbYt3TrOA6M0bUQKZrWS 6oO6zr4cmlHB0lC6Q== X-Received: by 2002:a17:90b:4c46:b0:35b:e56e:a17e with SMTP id 98e67ed59e1d1-367d48465f6mr845498a91.17.1778287606686; Fri, 08 May 2026 17:46:46 -0700 (PDT) Received: from deepanshu-kernel-hacker.. ([2405:201:682f:383f:1ef5:8ccc:13df:edc6]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-367d6262349sm266926a91.6.2026.05.08.17.46.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 May 2026 17:46:45 -0700 (PDT) From: Deepanshu Kartikey To: johannes@sipsolutions.net Cc: daniel.gabay@intel.com, miriam.rachel.korenblit@intel.com, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, Deepanshu Kartikey , syzbot+2002864e6c6895cb0ac3@syzkaller.appspotmail.com Subject: [PATCH] wifi: mac80211_hwsim: reject NAN on multi-radio wiphys Date: Sat, 9 May 2026 06:16:28 +0530 Message-ID: <20260509004628.79446-1-kartikey406@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit When userspace creates a new hwsim radio with both HWSIM_ATTR_MULTI_RADIO and HWSIM_ATTR_SUPPORT_NAN_DEVICE, hwsim_new_radio_nl() sets BIT(NL80211_IFTYPE_NAN_DATA) in wiphy->interface_modes while configuring the wiphy with n_radio > 1. This violates the invariant checked in wiphy_register(): (interface_modes & BIT(NL80211_IFTYPE_NAN_DATA)) && (!nan_capa.phy.ht.ht_supported || n_radio > 1) triggering a WARN reachable from userspace via genetlink. With panic_on_warn this becomes a denial of service. Refuse the combination at parse time with -EINVAL and an extack message, matching the cfg80211 constraint that NAN is not supported on multi-radio wiphys. Reported-by: syzbot+2002864e6c6895cb0ac3@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2002864e6c6895cb0ac3 Fixes: 2c7c70ee7cee ("wifi: mac80211_hwsim: enable NAN_DATA interface simulation support") Tested-by: syzbot+2002864e6c6895cb0ac3@syzkaller.appspotmail.com Signed-off-by: Deepanshu Kartikey --- drivers/net/wireless/virtual/mac80211_hwsim_main.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/virtual/mac80211_hwsim_main.c b/drivers/net/wireless/virtual/mac80211_hwsim_main.c index dc9775cd9f54..a625a9e3caa7 100644 --- a/drivers/net/wireless/virtual/mac80211_hwsim_main.c +++ b/drivers/net/wireless/virtual/mac80211_hwsim_main.c @@ -6766,9 +6766,15 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info) param.p2p_device = true; } - if (param.nan_device) + if (param.nan_device) { + if (param.multi_radio) { + NL_SET_ERR_MSG(info->extack, + "NAN is not supported on multi-radio wiphys"); + return -EINVAL; + } param.iftypes |= BIT(NL80211_IFTYPE_NAN) | BIT(NL80211_IFTYPE_NAN_DATA); + } if (info->attrs[HWSIM_ATTR_CIPHER_SUPPORT]) { u32 len = nla_len(info->attrs[HWSIM_ATTR_CIPHER_SUPPORT]); -- 2.43.0