mac80211: fix parsing of 40Mhz in injected radiotap header
authorSven Eckelmann <sven@narfation.org>
Wed, 24 Feb 2016 15:25:49 +0000 (16:25 +0100)
committerJohannes Berg <johannes.berg@intel.com>
Tue, 5 Apr 2016 08:58:16 +0000 (10:58 +0200)
The MCS bandwidth part of the radiotap header is 2 bits wide. The full 2
bit have to compared against IEEE80211_RADIOTAP_MCS_BW_40 and not only if
the first bit is set. Otherwise IEEE80211_RADIOTAP_MCS_BW_40 can be
confused with IEEE80211_RADIOTAP_MCS_BW_20U.

Fixes: dfdfc2beb0dd ("mac80211: Parse legacy and HT rate in injected frames")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/mac80211/tx.c

index b3196b1e15c29e48e8096c78e6c58399ec72f625..51e225e4b45097ca3e6d97afafff8976cfc96ad9 100644 (file)
@@ -1691,7 +1691,7 @@ static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local,
        bool rate_found = false;
        u8 rate_retries = 0;
        u16 rate_flags = 0;
-       u8 mcs_known, mcs_flags;
+       u8 mcs_known, mcs_flags, mcs_bw;
        u16 vht_known;
        u8 vht_mcs = 0, vht_nss = 0;
        int i;
@@ -1769,8 +1769,9 @@ static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local,
                            mcs_flags & IEEE80211_RADIOTAP_MCS_SGI)
                                rate_flags |= IEEE80211_TX_RC_SHORT_GI;
 
+                       mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK;
                        if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW &&
-                           mcs_flags & IEEE80211_RADIOTAP_MCS_BW_40)
+                           mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40)
                                rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
                        break;