From patchwork Mon Oct 13 09:48:12 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Karl Beldan X-Patchwork-Id: 5074791 Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 4039A9F30B for ; Mon, 13 Oct 2014 09:48:46 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 67D7E201EC for ; Mon, 13 Oct 2014 09:48:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 6398F200EC for ; Mon, 13 Oct 2014 09:48:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753580AbaJMJsm (ORCPT ); Mon, 13 Oct 2014 05:48:42 -0400 Received: from mail-wi0-f175.google.com ([209.85.212.175]:55096 "EHLO mail-wi0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752903AbaJMJsl (ORCPT ); Mon, 13 Oct 2014 05:48:41 -0400 Received: by mail-wi0-f175.google.com with SMTP id d1so6853292wiv.8 for ; Mon, 13 Oct 2014 02:48:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=0D1BY2YnGfmrZkmg/3DQ4PH8JY/BwEksyKEwY6rcG+w=; b=WGgpV37VsYqMItCMJkd+OTfWpDNHXI+iEgGfDDo1FduughN2ekoRCg3EUhFlbzZcVv KBCIORR4Slh5seB7Ol6ln1QHMWYFotbu1X58MOD0blaKxSRjlf1BRuJ64xDU231c77ic KvYGHDvfUtqLqIThFU8wbxDvWGgkhXrV3gIX81QLoGeSmE/UvbCIlHPTBy7/ERY3rcfu PtmYfYuPEW0zP21jWhY8rI0/lGcwONv3g+k3dppN4++Ls1p7MhG680ZIssaPqf9o0rQL 9uxp305UAYVe5HL+n9dt//Mqba0JdYNBNfYuOLlaMgC0Uld+dYpcOr2U5CAa2Y0zdR6N TfSA== X-Received: by 10.194.89.225 with SMTP id br1mr20029894wjb.51.1413193720543; Mon, 13 Oct 2014 02:48:40 -0700 (PDT) Received: from magnum.frso.rivierawaves.com (ppp-seco11pa2-46-193-143-43.wb.wifirst.net. [46.193.143.43]) by mx.google.com with ESMTPSA id bt9sm15997356wjc.44.2014.10.13.02.48.39 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 13 Oct 2014 02:48:39 -0700 (PDT) From: Karl Beldan To: Johannes Berg Cc: linux-wireless , Karl Beldan , Karl Beldan , stable@kernel.org Subject: [PATCH] mac80211: fix typo in starting baserate for rts_cts_rate_idx Date: Mon, 13 Oct 2014 11:48:12 +0200 Message-Id: <1413193692-30521-1-git-send-email-karl.beldan@gmail.com> X-Mailer: git-send-email 2.0.1 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Karl Beldan It affects non-(V)HT rates and can lead to selecting an rts_cts rate that is not a basic rate or way superior to the reference rate (ATM rates[0] used for the 1st attempt of the protected frame data). E.g, assuming drivers register growing (bitrate) sorted tables of ieee80211_rate-s, having : - rates[0].idx == d'2 and basic_rates == b'10100 will select rts_cts idx b'10011 & ~d'(BIT(2)-1), i.e. 1, likewise - rates[0].idx == d'2 and basic_rates == b'10001 will select rts_cts idx b'10000 The first is not a basic rate and the second is > rates[0]. Also, wrt severity of the addressed misbehavior, ATM we only have one rts_cts_rate_idx rather than one per rate table entry, so this idx might still point to bitrates > rates[1..MAX_RATES]. Fixes: 5253ffb8 ("mac80211: always pick a basic rate to tx RTS/CTS for pre-HT rates") Signed-off-by: Karl Beldan --- net/mac80211/rate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c index 8fdadfd..6081329 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -448,7 +448,7 @@ static void rate_fixup_ratelist(struct ieee80211_vif *vif, */ if (!(rates[0].flags & IEEE80211_TX_RC_MCS)) { u32 basic_rates = vif->bss_conf.basic_rates; - s8 baserate = basic_rates ? ffs(basic_rates - 1) : 0; + s8 baserate = basic_rates ? ffs(basic_rates) - 1 : 0; rate = &sband->bitrates[rates[0].idx];