wifi: mac80211: don't use rate mask for offchannel TX either

Like the commit ab9177d83c ("wifi: mac80211: don't use rate mask for
scanning"), ignore incorrect settings to avoid no supported rate warning
reported by syzbot.

The syzbot did bisect and found cause is commit 9df66d5b9f ("cfg80211:
fix default HE tx bitrate mask in 2G band"), which however corrects
bitmask of HE MCS and recognizes correctly settings of empty legacy rate
plus HE MCS rate instead of returning -EINVAL.

As suggestions [1], follow the change of SCAN TX to consider this case of
offchannel TX as well.

[1] https://lore.kernel.org/linux-wireless/6ab2dc9c3afe753ca6fdcdd1421e7a1f47e87b84.camel@sipsolutions.net/T/#m2ac2a6d2be06a37c9c47a3d8a44b4f647ed4f024

Reported-by: syzbot+8dd98a9e98ee28dc484a@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-wireless/000000000000fdef8706191a3f7b@google.com/
Fixes: 9df66d5b9f ("cfg80211: fix default HE tx bitrate mask in 2G band")
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20240729074816.20323-1-pkshih@realtek.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Ping-Ke Shih 2024-07-29 15:48:16 +08:00 committed by Johannes Berg
parent ea63fb7199
commit e7a7ef9a07
5 changed files with 8 additions and 6 deletions

View File

@ -994,8 +994,9 @@ enum mac80211_tx_info_flags {
* of their QoS TID or other priority field values. * of their QoS TID or other priority field values.
* @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally * @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally
* for sequence number assignment * for sequence number assignment
* @IEEE80211_TX_CTRL_SCAN_TX: Indicates that this frame is transmitted * @IEEE80211_TX_CTRL_DONT_USE_RATE_MASK: Don't use rate mask for this frame
* due to scanning, not in normal operation on the interface. * which is transmitted due to scanning or offchannel TX, not in normal
* operation on the interface.
* @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this * @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this
* frame should be transmitted on the specific link. This really is * frame should be transmitted on the specific link. This really is
* only relevant for frames that do not have data present, and is * only relevant for frames that do not have data present, and is
@ -1016,7 +1017,7 @@ enum mac80211_tx_control_flags {
IEEE80211_TX_CTRL_NO_SEQNO = BIT(7), IEEE80211_TX_CTRL_NO_SEQNO = BIT(7),
IEEE80211_TX_CTRL_DONT_REORDER = BIT(8), IEEE80211_TX_CTRL_DONT_REORDER = BIT(8),
IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX = BIT(9), IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX = BIT(9),
IEEE80211_TX_CTRL_SCAN_TX = BIT(10), IEEE80211_TX_CTRL_DONT_USE_RATE_MASK = BIT(10),
IEEE80211_TX_CTRL_MLO_LINK = 0xf0000000, IEEE80211_TX_CTRL_MLO_LINK = 0xf0000000,
}; };

View File

@ -997,6 +997,7 @@ int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
} }
IEEE80211_SKB_CB(skb)->flags = flags; IEEE80211_SKB_CB(skb)->flags = flags;
IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_DONT_USE_RATE_MASK;
skb->dev = sdata->dev; skb->dev = sdata->dev;

View File

@ -890,7 +890,7 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
if (ieee80211_is_tx_data(skb)) if (ieee80211_is_tx_data(skb))
rate_control_apply_mask(sdata, sta, sband, dest, max_rates); rate_control_apply_mask(sdata, sta, sband, dest, max_rates);
if (!(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) if (!(info->control.flags & IEEE80211_TX_CTRL_DONT_USE_RATE_MASK))
mask = sdata->rc_rateidx_mask[info->band]; mask = sdata->rc_rateidx_mask[info->band];
if (dest[0].idx < 0) if (dest[0].idx < 0)

View File

@ -649,7 +649,7 @@ static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata,
cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); cpu_to_le16(IEEE80211_SN_TO_SEQ(sn));
} }
IEEE80211_SKB_CB(skb)->flags |= tx_flags; IEEE80211_SKB_CB(skb)->flags |= tx_flags;
IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_SCAN_TX; IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_DONT_USE_RATE_MASK;
ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band); ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band);
} }
} }

View File

@ -699,7 +699,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
txrc.skb = tx->skb; txrc.skb = tx->skb;
txrc.reported_rate.idx = -1; txrc.reported_rate.idx = -1;
if (unlikely(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) { if (unlikely(info->control.flags & IEEE80211_TX_CTRL_DONT_USE_RATE_MASK)) {
txrc.rate_idx_mask = ~0; txrc.rate_idx_mask = ~0;
} else { } else {
txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];