Commit ab9177d8 authored by Johannes Berg's avatar Johannes Berg

wifi: mac80211: don't use rate mask for scanning



The rate mask is intended for use during operation, and
can be set to only have masks for the currently active
band. As such, it cannot be used for scanning which can
be on other bands as well.

Simply ignore the rate masks during scanning to avoid
warnings from incorrect settings.

Reported-by: <syzbot+fdc5123366fb9c3fdc6d@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=fdc5123366fb9c3fdc6d


Co-developed-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Tested-by: Dmitry Antipov <dmantipov@yandex.ru>
Link: https://msgid.link/20240326220854.9594cbb418ca.I7f86c0ba1f98cf7e27c2bacf6c2d417200ecea5c@changeid


Signed-off-by: Johannes Berg <johannes.berg@intel.com>
parent 7c1c73bf
+3 −0
@@ -953,6 +953,8 @@ enum mac80211_tx_info_flags {
 *	of their QoS TID or other priority field values.
 * @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally
 *	for sequence number assignment
 * @IEEE80211_TX_CTRL_SCAN_TX: Indicates that this frame is transmitted
 *	due to scanning, not in normal operation on the interface.
 * @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this
 *	frame should be transmitted on the specific link. This really is
 *	only relevant for frames that do not have data present, and is
@@ -973,6 +975,7 @@ enum mac80211_tx_control_flags {
	IEEE80211_TX_CTRL_NO_SEQNO		= BIT(7),
	IEEE80211_TX_CTRL_DONT_REORDER		= BIT(8),
	IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX	= BIT(9),
	IEEE80211_TX_CTRL_SCAN_TX		= BIT(10),
	IEEE80211_TX_CTRL_MLO_LINK		= 0xf0000000,
};
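Review bot: The kernel-doc entry for `IEEE80211_TX_CTRL_SCAN_TX` says when the flag is set but not what it changes, which is what a driver or rate-control author reading this header needs to know. Going by the other sections of this commit, frames carrying it bypass the per-band `rc_rateidx_mask`, so I would extend the entry with a line such as `Rate masks configured on the interface are not applied to such frames.` If the intent is that mac80211 sets the flag itself and drivers only read it, the entry should say so as well. Both the comment block and the enum continue outside these hunks.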

+5 −1
@@ -877,6 +877,7 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
	struct ieee80211_sub_if_data *sdata;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
	struct ieee80211_supported_band *sband;
	u32 mask = ~0;

	rate_control_fill_sta_table(sta, info, dest, max_rates);

@@ -889,9 +890,12 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
	if (ieee80211_is_tx_data(skb))
		rate_control_apply_mask(sdata, sta, sband, dest, max_rates);

	if (!(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX))
		mask = sdata->rc_rateidx_mask[info->band];

	if (dest[0].idx < 0)
		__rate_control_send_low(&sdata->local->hw, sband, sta, info,
					sdata->rc_rateidx_mask[info->band]);
					mask);

	if (sta)
		rate_fixup_ratelist(vif, sband, info, dest, max_rates);
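Review bot: The mask bypass in `ieee80211_get_tx_rates()` is keyed only on `IEEE80211_TX_CTRL_SCAN_TX`, so any other frame sent on a band other than the operating one still reads `sdata->rc_rateidx_mask[info->band]`, which the commit message says may be configured only for the active band. Off-channel management TX looks like such a case, although its callers are not visible here. If it is, the same warning stays reachable from a user-configured rate mask, and that path should set the flag too, or the flag should be named for its effect rather than its cause. The same condition is repeated in the `ieee80211_tx_h_rate_ctrl()` section. A comment above `u32 mask = ~0;` such as `/* no restriction unless a per-band mask applies to this frame */` would also help, since the function body starts and ends outside these hunks.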
+1 −0
@@ -648,6 +648,7 @@ static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata,
				cpu_to_le16(IEEE80211_SN_TO_SEQ(sn));
		}
		IEEE80211_SKB_CB(skb)->flags |= tx_flags;
		IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_SCAN_TX;
		ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band);
	}
}
+9 −4
@@ -698,11 +698,16 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
	txrc.bss_conf = &tx->sdata->vif.bss_conf;
	txrc.skb = tx->skb;
	txrc.reported_rate.idx = -1;

	if (unlikely(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) {
		txrc.rate_idx_mask = ~0;
	} else {
		txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];

		if (tx->sdata->rc_has_mcs_mask[info->band])
			txrc.rate_idx_mcs_mask =
				tx->sdata->rc_rateidx_mcs_mask[info->band];
	}

	txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
		    tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||