Received: by 2002:ab2:f03:0:b0:1ef:ffd0:ce49 with SMTP id i3csp54011lqf; Tue, 26 Mar 2024 14:10:27 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUSvuFhgDQhn9cqzKlfVs3NNvpZYAD4bOAm0sal00YqLHR+8U/SPFdOwmk8ekGCGB6cv+6X40ca49lJzVRUXl2uoFhlrr4w0tqcLFl/Qg== X-Google-Smtp-Source: AGHT+IE/ZLKnjNS2gAB7pD7B2xkP00K3cLDqKjtgEDA3a6Z6nQegI7l2CYIGmK6pbGpAvBNNfXsv X-Received: by 2002:a05:6808:1406:b0:3c3:9c9e:7c40 with SMTP id w6-20020a056808140600b003c39c9e7c40mr14235401oiv.40.1711487424724; Tue, 26 Mar 2024 14:10:24 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711487424; cv=pass; d=google.com; s=arc-20160816; b=LhXvzs6Jh/8Wst/WH4HDg6yLiejWK/SYZHvQgo/Mw8V9gPygsSLQ+4BKc3BYGJ4ETi 759hn0RVfoH0kHSpIEM8hY4wnjqxkJYPQFgrtFzjiCRhLkKm3mdZVFu5AXTUBykxgSBR +M15Oyeh+j3ALME276riPS5az7FoPGSDF8dnQho1739mZwjW5Zs7QyCM1DlXr0EPycva AS2nnVHEu6Od5JCW174635+TYq5e6XJddvckilacfblbeD7APb9bPmoOVBM9HV7fy6Rb 7eUQOA1juE6OScXDP0dmeNii/+gL69qkA5yLE8ESVl4SFWocCouHzbgxlfoklm43Z8hG fvVw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=5o6LTM7XxUESe3lado7aQqRZFHulJVbiuBATwbzqBPc=; fh=VnGABc7cqzdejZylNUlQJCv7z0+zOa1T1ZFr1/Lonm0=; b=F6l44cPznvZeYPLVB0cYy2aptbuhHLqnVwHQp/aH8uXM0DltBhpqX1PjPuklbnf9hD 31TxdRHUDdQTKrkd8PGkrXyCn9JI7/bEPOpI6hWpsgwpV/Qhc4pF9i+wVegffUAO6ti5 i/AC7evBjXtIIHvE1v7Co4m1Own93CcgDU9/Y8wHaZwyTH+H+1mF7Q6IHjPyLLuUGbit 5Fghq2MP3WLPXwkzEqlC6c4Q9RNsUBJk3GjYSfXUDRAyHG9VTplUtwX+p1Xh3i6B0+YK SJQTK1WwhRHQkdQeWePKHJ47fA66bBj6DzmHrK09T87K+0ViJngFpQNbwOHdFH2Fcknb A0hA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=TFL+baXq; arc=pass (i=1 spf=pass spfdomain=sipsolutions.net dkim=pass dkdomain=sipsolutions.net dmarc=pass fromdomain=sipsolutions.net); spf=pass (google.com: domain of linux-wireless+bounces-5304-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-wireless+bounces-5304-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id f24-20020a05620a12f800b00789e44058c3si8617620qkl.584.2024.03.26.14.10.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Mar 2024 14:10:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless+bounces-5304-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=TFL+baXq; arc=pass (i=1 spf=pass spfdomain=sipsolutions.net dkim=pass dkdomain=sipsolutions.net dmarc=pass fromdomain=sipsolutions.net); spf=pass (google.com: domain of linux-wireless+bounces-5304-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-wireless+bounces-5304-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 63F541C37C5C for ; Tue, 26 Mar 2024 21:10:24 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6669813D88A; Tue, 26 Mar 2024 21:09:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=sipsolutions.net header.i=@sipsolutions.net header.b="TFL+baXq" X-Original-To: linux-wireless@vger.kernel.org Received: from sipsolutions.net (s3.sipsolutions.net [168.119.38.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C61C13D88C for ; Tue, 26 Mar 2024 21:09:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.38.16 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711487343; cv=none; b=mcyfldRFrXEGC4mKTo6SQs4jrqS9CODQM8XwqW713WoBaQAsEM8pLwiwOCj6S9uvCVeYpEs1zAmsJiTmfwXk+lv7eQYRg6v4yYVqZtx7rZgaYLfooxhM3/k89x2orwY3boB3xd0NkIjFlglLbXegABt9WEazgoqtq9vwUIClLoU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711487343; c=relaxed/simple; bh=SlXy3K2Nrs3kYm54mEXHmcs1t7hV5vu7l+8W77jJ4Ok=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=amwOU6/+dUEKxOPucc2u7/1Agnwgjp5kfWHaYKlXspL4CAU+xl274D8Y+U1RdEU/V1e7VXa9dxeBS0V7BmFv39SpZZuvUs9agwBPv3mOF22ATCsDIu28qpJiL7vQlHoi5zck10o+OXlg2Hss5qR3+TDPO1+GbdEwuuMJ65FMZR8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sipsolutions.net; spf=pass smtp.mailfrom=sipsolutions.net; dkim=pass (2048-bit key) header.d=sipsolutions.net header.i=@sipsolutions.net header.b=TFL+baXq; arc=none smtp.client-ip=168.119.38.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sipsolutions.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sipsolutions.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sipsolutions.net; s=mail; h=Content-Transfer-Encoding:MIME-Version: Message-ID:Date:Subject:Cc:To:From:Content-Type:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-To:Resent-Cc: Resent-Message-ID:In-Reply-To:References; bh=5o6LTM7XxUESe3lado7aQqRZFHulJVbiuBATwbzqBPc=; t=1711487341; x=1712696941; b=TFL+baXqfjhp4ZObc2vTHZpBRn7PAKc8jFYL+NDasXFX4NBMcEbQNg+QdK4YLYTTspBrblBHfWJ V8go2OaUGyXex67noIoYO5MwjLwhMaO5CQZEUmkbOG1m9WqiPiQxqr8EoRbaY23Vdrjc//wq+WZN3 zl0ZDjd6CBZU0icM3hhSYCOWbySe029cccA9GQeIwpZLXCQC8ufHSmYgA8omRCYMoquEjZ4DAXj4n gcHw31HS+8dyruSzBE5lTW9+3ug/sJFAJ7N35D2MA8g0jiuMN2YKJCsDE0JHVSy2edG9BS1lPVHk0 5alPFQtrZMNjjt741PqmkiQ4CgV74coBid9g==; Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.97) (envelope-from ) id 1rpE2T-0000000FzQI-16GC; Tue, 26 Mar 2024 22:08:57 +0100 From: Johannes Berg To: linux-wireless@vger.kernel.org Cc: Johannes Berg , syzbot+fdc5123366fb9c3fdc6d@syzkaller.appspotmail.com, Dmitry Antipov Subject: [PATCH] wifi: mac80211: don't use rate mask for scanning Date: Tue, 26 Mar 2024 22:08:54 +0100 Message-ID: <20240326220854.9594cbb418ca.I7f86c0ba1f98cf7e27c2bacf6c2d417200ecea5c@changeid> X-Mailer: git-send-email 2.44.0 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Johannes Berg The rate mask is intended for use during operation, and can be set to only have masks for the currently active band. As such, it cannot be used for scanning which can be on other bands as well. Simply ignore the rate masks during scanning to avoid warnings from incorrect settings. Reported-by: syzbot+fdc5123366fb9c3fdc6d@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fdc5123366fb9c3fdc6d Co-developed-by: Dmitry Antipov Signed-off-by: Dmitry Antipov Signed-off-by: Johannes Berg --- include/net/mac80211.h | 3 +++ net/mac80211/rate.c | 6 +++++- net/mac80211/scan.c | 1 + net/mac80211/tx.c | 13 +++++++++---- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 353488ab94a2..2d7f87bc5324 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -953,6 +953,8 @@ enum mac80211_tx_info_flags { * of their QoS TID or other priority field values. * @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally * for sequence number assignment + * @IEEE80211_TX_CTRL_SCAN_TX: Indicates that this frame is transmitted + * due to scanning, not in normal operation on the interface. * @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this * frame should be transmitted on the specific link. This really is * only relevant for frames that do not have data present, and is @@ -973,6 +975,7 @@ enum mac80211_tx_control_flags { IEEE80211_TX_CTRL_NO_SEQNO = BIT(7), IEEE80211_TX_CTRL_DONT_REORDER = BIT(8), IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX = BIT(9), + IEEE80211_TX_CTRL_SCAN_TX = BIT(10), IEEE80211_TX_CTRL_MLO_LINK = 0xf0000000, }; diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c index 23404b275457..4dc1def69548 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -877,6 +877,7 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, struct ieee80211_sub_if_data *sdata; struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); struct ieee80211_supported_band *sband; + u32 mask = ~0; rate_control_fill_sta_table(sta, info, dest, max_rates); @@ -889,9 +890,12 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, if (ieee80211_is_tx_data(skb)) rate_control_apply_mask(sdata, sta, sband, dest, max_rates); + if (!(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) + mask = sdata->rc_rateidx_mask[info->band]; + if (dest[0].idx < 0) __rate_control_send_low(&sdata->local->hw, sband, sta, info, - sdata->rc_rateidx_mask[info->band]); + mask); if (sta) rate_fixup_ratelist(vif, sband, info, dest, max_rates); diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 0429e59ba387..73850312580f 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -648,6 +648,7 @@ static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); } IEEE80211_SKB_CB(skb)->flags |= tx_flags; + IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_SCAN_TX; ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band); } } diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 6bf223e6cd1a..cfd0a62d0152 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -698,11 +698,16 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx) txrc.bss_conf = &tx->sdata->vif.bss_conf; txrc.skb = tx->skb; txrc.reported_rate.idx = -1; - txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; - if (tx->sdata->rc_has_mcs_mask[info->band]) - txrc.rate_idx_mcs_mask = - tx->sdata->rc_rateidx_mcs_mask[info->band]; + if (unlikely(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) { + txrc.rate_idx_mask = ~0; + } else { + txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; + + if (tx->sdata->rc_has_mcs_mask[info->band]) + txrc.rate_idx_mcs_mask = + tx->sdata->rc_rateidx_mcs_mask[info->band]; + } txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || -- 2.44.0