• Karl Beldan's avatar
    mac80211: fix typo in starting baserate for rts_cts_rate_idx · c7abf25a
    Karl Beldan authored
    It affects non-(V)HT rates and can lead to selecting an rts_cts rate
    that is not a basic rate or way superior to the reference rate (ATM
    rates[0] used for the 1st attempt of the protected frame data).
    
    E.g, assuming drivers register growing (bitrate) sorted tables of
    ieee80211_rate-s, having :
    - rates[0].idx == d'2 and basic_rates == b'10100
    will select rts_cts idx b'10011 & ~d'(BIT(2)-1), i.e. 1, likewise
    - rates[0].idx == d'2 and basic_rates == b'10001
    will select rts_cts idx b'10000
    The first is not a basic rate and the second is > rates[0].
    
    Also, wrt severity of the addressed misbehavior, ATM we only have one
    rts_cts_rate_idx rather than one per rate table entry, so this idx might
    still point to bitrates > rates[1..MAX_RATES].
    
    Fixes: 5253ffb8 ("mac80211: always pick a basic rate to tx RTS/CTS for pre-HT rates")
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarKarl Beldan <karl.beldan@rivierawaves.com>
    Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
    c7abf25a
rate.c 18.8 KB