From 8f7e398350faf158484163489a55eba9d55d4129 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Mon, 24 Nov 2014 17:13:54 +0000
Subject: [PATCH] mac80211: fix a crash on getting the channel in WDS AP mode
 (#18400)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43367
---
 ...11-copy-chandef-from-AP-vif-to-VLANs.patch | 82 +++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 package/kernel/mac80211/patches/323-mac80211-copy-chandef-from-AP-vif-to-VLANs.patch

diff --git a/package/kernel/mac80211/patches/323-mac80211-copy-chandef-from-AP-vif-to-VLANs.patch b/package/kernel/mac80211/patches/323-mac80211-copy-chandef-from-AP-vif-to-VLANs.patch
new file mode 100644
index 0000000000..fca0c1650a
--- /dev/null
+++ b/package/kernel/mac80211/patches/323-mac80211-copy-chandef-from-AP-vif-to-VLANs.patch
@@ -0,0 +1,82 @@
+From: Felix Fietkau <nbd@openwrt.org>
+Date: Mon, 24 Nov 2014 18:09:03 +0100
+Subject: [PATCH] mac80211: copy chandef from AP vif to VLANs
+
+Fixes a crash in nl80211_send_chandef, introduced in
+
+commit c12bc4885f4b3bab0ed779c69d5d7e3223fa5003
+"mac80211: return the vif's chandef in ieee80211_cfg_get_channel()"
+
+Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+---
+
+--- a/net/mac80211/chan.c
++++ b/net/mac80211/chan.c
+@@ -932,6 +932,21 @@ ieee80211_vif_chanctx_reservation_comple
+ 	}
+ }
+ 
++static void
++ieee80211_vif_update_chandef(struct ieee80211_sub_if_data *sdata,
++			     const struct cfg80211_chan_def *chandef)
++{
++	struct ieee80211_sub_if_data *vlan;
++
++	sdata->vif.bss_conf.chandef = *chandef;
++
++	if (sdata->vif.type != NL80211_IFTYPE_AP)
++		return;
++
++	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
++		vlan->vif.bss_conf.chandef = *chandef;
++}
++
+ static int
+ ieee80211_vif_use_reserved_reassign(struct ieee80211_sub_if_data *sdata)
+ {
+@@ -994,7 +1009,7 @@ ieee80211_vif_use_reserved_reassign(stru
+ 	if (sdata->vif.bss_conf.chandef.width != sdata->reserved_chandef.width)
+ 		changed = BSS_CHANGED_BANDWIDTH;
+ 
+-	sdata->vif.bss_conf.chandef = sdata->reserved_chandef;
++	ieee80211_vif_update_chandef(sdata, &sdata->reserved_chandef);
+ 
+ 	if (changed)
+ 		ieee80211_bss_info_change_notify(sdata, changed);
+@@ -1336,7 +1351,7 @@ static int ieee80211_vif_use_reserved_sw
+ 			    sdata->reserved_chandef.width)
+ 				changed = BSS_CHANGED_BANDWIDTH;
+ 
+-			sdata->vif.bss_conf.chandef = sdata->reserved_chandef;
++			ieee80211_vif_update_chandef(sdata, &sdata->reserved_chandef);
+ 			if (changed)
+ 				ieee80211_bss_info_change_notify(sdata,
+ 								 changed);
+@@ -1507,7 +1522,7 @@ int ieee80211_vif_use_channel(struct iee
+ 		goto out;
+ 	}
+ 
+-	sdata->vif.bss_conf.chandef = *chandef;
++	ieee80211_vif_update_chandef(sdata, chandef);
+ 
+ 	ret = ieee80211_assign_vif_chanctx(sdata, ctx);
+ 	if (ret) {
+@@ -1649,7 +1664,7 @@ int ieee80211_vif_change_bandwidth(struc
+ 		break;
+ 	}
+ 
+-	sdata->vif.bss_conf.chandef = *chandef;
++	ieee80211_vif_update_chandef(sdata, chandef);
+ 
+ 	ieee80211_recalc_chanctx_chantype(local, ctx);
+ 
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -520,6 +520,7 @@ int ieee80211_do_open(struct wireless_de
+ 		sdata->vif.cab_queue = master->vif.cab_queue;
+ 		memcpy(sdata->vif.hw_queue, master->vif.hw_queue,
+ 		       sizeof(sdata->vif.hw_queue));
++		sdata->vif.bss_conf.chandef = master->vif.bss_conf.chandef;
+ 		break;
+ 		}
+ 	case NL80211_IFTYPE_AP:
-- 
2.30.2