mac80211: fix radiotap vendor presence bitmap handling

[ Upstream commit efc38dd7d5fa5c8cdd0c917c5d00947aa0539443 ]

Due to the alignment handling, it actually matters where in the code
we add the 4 bytes for the presence bitmap to the length; the first
field is the timestamp with 8 byte alignment so we need to add the
space for the extra vendor namespace presence bitmap *before* we do
any alignment for the fields.

Move the presence bitmap length accounting to the right place to fix
the alignment for the data properly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 5e2b4a4..51ad330 100644 (file)
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -142,6 +142,9 @@ ieee80211_rx_radiotap_hdrlen(struct ieee80211_local *local,
        /* allocate extra bitmaps */
        if (status->chains)
                len += 4 * hweight8(status->chains);
+       /* vendor presence bitmap */
+       if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA)
+               len += 4;
 
        if (ieee80211_have_rx_timestamp(status)) {
                len = ALIGN(len, 8);
@@ -197,8 +200,6 @@ ieee80211_rx_radiotap_hdrlen(struct ieee80211_local *local,
        if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA) {
                struct ieee80211_vendor_radiotap *rtap = (void *)skb->data;
 
-               /* vendor presence bitmap */
-               len += 4;
                /* alignment for fixed 6-byte vendor data header */
                len = ALIGN(len, 2);
                /* vendor data header */