mac80211: fix wiphy supported_band access

Fix wiphy supported_band access in tx radiotap parsing introduced
in commit 5ec3aed9ba4c ("mac80211: Parse legacy and HT rate in
injected frames"). In particular, info->band is always set to 0
(IEEE80211_BAND_2GHZ) since it has not assigned yet.
This cause a kernel crash on 5GHz only devices.
Move ieee80211_parse_tx_radiotap() after info->band assignment

Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

1 files changed, 5 insertions, 4 deletions

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 7bb67fa9f4d2..3a7475ff1a41 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1892,10 +1892,6 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
         info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
                       IEEE80211_TX_CTL_INJECTED;
 
-        /* process and remove the injection radiotap header */
-        if (!ieee80211_parse_tx_radiotap(local, skb))
-                goto fail;
-
         rcu_read_lock();
 
         /*
@@ -1957,6 +1953,11 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
                 goto fail_rcu;
 
         info->band = chandef->chan->band;
+
+        /* process and remove the injection radiotap header */
+        if (!ieee80211_parse_tx_radiotap(local, skb))
+                goto fail_rcu;
+
         ieee80211_xmit(sdata, NULL, skb);
         rcu_read_unlock();