summaryrefslogtreecommitdiffstats
path: root/net/mac80211/rate.c
diff options
context:
space:
mode:
authorKarl Beldan <karl.beldan@rivierawaves.com>2014-10-13 14:34:41 +0200
committerJohannes Berg <johannes.berg@intel.com>2014-10-14 11:16:16 +0200
commitc7abf25af0f41be4b50d44c5b185d52eea360cb8 (patch)
tree4f23e16b53e2931a4475afb8f3b8a2c1f434c973 /net/mac80211/rate.c
parentnl80211: sanity check the channel switch counter value (diff)
downloadlinux-c7abf25af0f41be4b50d44c5b185d52eea360cb8.tar.xz
linux-c7abf25af0f41be4b50d44c5b185d52eea360cb8.zip
mac80211: fix typo in starting baserate for rts_cts_rate_idx
It affects non-(V)HT rates and can lead to selecting an rts_cts rate that is not a basic rate or way superior to the reference rate (ATM rates[0] used for the 1st attempt of the protected frame data). E.g, assuming drivers register growing (bitrate) sorted tables of ieee80211_rate-s, having : - rates[0].idx == d'2 and basic_rates == b'10100 will select rts_cts idx b'10011 & ~d'(BIT(2)-1), i.e. 1, likewise - rates[0].idx == d'2 and basic_rates == b'10001 will select rts_cts idx b'10000 The first is not a basic rate and the second is > rates[0]. Also, wrt severity of the addressed misbehavior, ATM we only have one rts_cts_rate_idx rather than one per rate table entry, so this idx might still point to bitrates > rates[1..MAX_RATES]. Fixes: 5253ffb8c9e1 ("mac80211: always pick a basic rate to tx RTS/CTS for pre-HT rates") Cc: stable@vger.kernel.org Signed-off-by: Karl Beldan <karl.beldan@rivierawaves.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211/rate.c')
-rw-r--r--net/mac80211/rate.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 8fdadfd94ba8..6081329784dd 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -448,7 +448,7 @@ static void rate_fixup_ratelist(struct ieee80211_vif *vif,
*/
if (!(rates[0].flags & IEEE80211_TX_RC_MCS)) {
u32 basic_rates = vif->bss_conf.basic_rates;
- s8 baserate = basic_rates ? ffs(basic_rates - 1) : 0;
+ s8 baserate = basic_rates ? ffs(basic_rates) - 1 : 0;
rate = &sband->bitrates[rates[0].idx];