From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Johannes Berg <johannes.berg@intel.com>,
syzbot+fdc5123366fb9c3fdc6d@syzkaller.appspotmail.com,
Dmitry Antipov <dmantipov@yandex.ru>,
Sasha Levin <sashal@kernel.org>,
johannes@sipsolutions.net, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 6.8 03/23] wifi: mac80211: don't use rate mask for scanning
Date: Tue, 7 May 2024 18:56:29 -0400 [thread overview]
Message-ID: <20240507225725.390306-3-sashal@kernel.org> (raw)
In-Reply-To: <20240507225725.390306-1-sashal@kernel.org>
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit ab9177d83c040eba58387914077ebca56f14fae6 ]
The rate mask is intended for use during operation, and
can be set to only have masks for the currently active
band. As such, it cannot be used for scanning which can
be on other bands as well.
Simply ignore the rate masks during scanning to avoid
warnings from incorrect settings.
Reported-by: syzbot+fdc5123366fb9c3fdc6d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=fdc5123366fb9c3fdc6d
Co-developed-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Tested-by: Dmitry Antipov <dmantipov@yandex.ru>
Link: https://msgid.link/20240326220854.9594cbb418ca.I7f86c0ba1f98cf7e27c2bacf6c2d417200ecea5c@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/mac80211.h | 3 +++
net/mac80211/rate.c | 6 +++++-
net/mac80211/scan.c | 1 +
net/mac80211/tx.c | 13 +++++++++----
4 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index d400fe2e8668d..df9b578e58bb2 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -932,6 +932,8 @@ enum mac80211_tx_info_flags {
* of their QoS TID or other priority field values.
* @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally
* for sequence number assignment
+ * @IEEE80211_TX_CTRL_SCAN_TX: Indicates that this frame is transmitted
+ * due to scanning, not in normal operation on the interface.
* @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this
* frame should be transmitted on the specific link. This really is
* only relevant for frames that do not have data present, and is
@@ -952,6 +954,7 @@ enum mac80211_tx_control_flags {
IEEE80211_TX_CTRL_NO_SEQNO = BIT(7),
IEEE80211_TX_CTRL_DONT_REORDER = BIT(8),
IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX = BIT(9),
+ IEEE80211_TX_CTRL_SCAN_TX = BIT(10),
IEEE80211_TX_CTRL_MLO_LINK = 0xf0000000,
};
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 0efdaa8f2a92e..3cf252418bd38 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -877,6 +877,7 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
struct ieee80211_sub_if_data *sdata;
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_supported_band *sband;
+ u32 mask = ~0;
rate_control_fill_sta_table(sta, info, dest, max_rates);
@@ -889,9 +890,12 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
if (ieee80211_is_tx_data(skb))
rate_control_apply_mask(sdata, sta, sband, dest, max_rates);
+ if (!(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX))
+ mask = sdata->rc_rateidx_mask[info->band];
+
if (dest[0].idx < 0)
__rate_control_send_low(&sdata->local->hw, sband, sta, info,
- sdata->rc_rateidx_mask[info->band]);
+ mask);
if (sta)
rate_fixup_ratelist(vif, sband, info, dest, max_rates);
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index f9d5842601fa9..dd0ec34a3f8a8 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -638,6 +638,7 @@ static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata,
cpu_to_le16(IEEE80211_SN_TO_SEQ(sn));
}
IEEE80211_SKB_CB(skb)->flags |= tx_flags;
+ IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_SCAN_TX;
ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band);
}
}
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 6fbb15b65902c..a8a4912bf2cb4 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -701,11 +701,16 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
txrc.bss_conf = &tx->sdata->vif.bss_conf;
txrc.skb = tx->skb;
txrc.reported_rate.idx = -1;
- txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
- if (tx->sdata->rc_has_mcs_mask[info->band])
- txrc.rate_idx_mcs_mask =
- tx->sdata->rc_rateidx_mcs_mask[info->band];
+ if (unlikely(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) {
+ txrc.rate_idx_mask = ~0;
+ } else {
+ txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
+
+ if (tx->sdata->rc_has_mcs_mask[info->band])
+ txrc.rate_idx_mcs_mask =
+ tx->sdata->rc_rateidx_mcs_mask[info->band];
+ }
txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
--
2.43.0
next prev parent reply other threads:[~2024-05-07 22:57 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-07 22:56 [PATCH AUTOSEL 6.8 01/23] HID: nintendo: Fix N64 controller being identified as mouse Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 02/23] dmaengine: xilinx: xdma: Clarify kdoc in XDMA driver Sasha Levin
2024-05-07 22:56 ` Sasha Levin [this message]
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 04/23] wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 05/23] wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 06/23] dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 07/23] HID: mcp-2221: cancel delayed_work only when CONFIG_IIO is enabled Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 08/23] net: usb: qmi_wwan: add Telit FN920C04 compositions Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 09/23] drm/amd/display: Set color_mgmt_changed to true on unsuspend Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 10/23] drm/amdgpu: Update BO eviction priorities Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 11/23] drm/amd/pm: Restore config space after reset Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 12/23] drm/amdkfd: Add VRAM accounting for SVM migration Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 13/23] drm/amdgpu: Fix the ring buffer size for queue VM flush Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 14/23] drm/amdgpu/mes: fix use-after-free issue Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 15/23] Revert "net: txgbe: fix i2c dev name cannot match clkdev" Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 16/23] Revert "net: txgbe: fix clk_name exceed MAX_DEV_ID limits" Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 17/23] cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 18/23] LoongArch: Lately init pmu after smp is online Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 19/23] drm/etnaviv: fix tx clock gating on some GC7000 variants Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 20/23] selftests: sud_test: return correct emulated syscall value on RISC-V Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 21/23] riscv: thead: Rename T-Head PBMT to MAE Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 22/23] riscv: T-Head: Test availability bit before enabling MAE errata Sasha Levin
2024-05-07 22:56 ` [PATCH AUTOSEL 6.8 23/23] sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240507225725.390306-3-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=dmantipov@yandex.ru \
--cc=edumazet@google.com \
--cc=johannes.berg@intel.com \
--cc=johannes@sipsolutions.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@vger.kernel.org \
--cc=syzbot+fdc5123366fb9c3fdc6d@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).