From f66b60f6524c970d43af7a68dd50dcce289887e7 Mon Sep 17 00:00:00 2001 From: Sven Eckelmann Date: Wed, 24 Feb 2016 16:25:49 +0100 Subject: [PATCH] mac80211: fix parsing of 40Mhz in injected radiotap header The MCS bandwidth part of the radiotap header is 2 bits wide. The full 2 bit have to compared against IEEE80211_RADIOTAP_MCS_BW_40 and not only if the first bit is set. Otherwise IEEE80211_RADIOTAP_MCS_BW_40 can be confused with IEEE80211_RADIOTAP_MCS_BW_20U. Fixes: dfdfc2beb0dd ("mac80211: Parse legacy and HT rate in injected frames") Signed-off-by: Sven Eckelmann Signed-off-by: Johannes Berg --- net/mac80211/tx.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index b3196b1e15c2..51e225e4b450 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -1691,7 +1691,7 @@ static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local, bool rate_found = false; u8 rate_retries = 0; u16 rate_flags = 0; - u8 mcs_known, mcs_flags; + u8 mcs_known, mcs_flags, mcs_bw; u16 vht_known; u8 vht_mcs = 0, vht_nss = 0; int i; @@ -1769,8 +1769,9 @@ static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local, mcs_flags & IEEE80211_RADIOTAP_MCS_SGI) rate_flags |= IEEE80211_TX_RC_SHORT_GI; + mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK; if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW && - mcs_flags & IEEE80211_RADIOTAP_MCS_BW_40) + mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40) rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; break; -- 2.20.1