Skip to content

Commit 6e48ebf

Browse files
nbd168jmberg-intel
nbd168
authored and
jmberg-intel
committed
wifi: mac80211: fix mesh id corruption on 32 bit systems
Since the changed field size was increased to u64, mesh_bss_info_changed pulls invalid bits from the first 3 bytes of the mesh id, clears them, and passes them on to ieee80211_link_info_change_notify, because ifmsh->mbss_changed was not updated to match its size. Fix this by turning into ifmsh->mbss_changed into an unsigned long array with 64 bit size. Fixes: 15ddba5 ("wifi: mac80211: consistently use u64 for BSS changes") Reported-by: Thomas Hühn <[email protected]> Signed-off-by: Felix Fietkau <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Johannes Berg <[email protected]>
1 parent d138307 commit 6e48ebf

File tree

2 files changed

+5
-5
lines changed

2 files changed

+5
-5
lines changed

net/mac80211/ieee80211_i.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -676,7 +676,7 @@ struct ieee80211_if_mesh {
676676
struct timer_list mesh_path_root_timer;
677677

678678
unsigned long wrkq_flags;
679-
unsigned long mbss_changed;
679+
unsigned long mbss_changed[64 / BITS_PER_LONG];
680680

681681
bool userspace_handles_dfs;
682682

net/mac80211/mesh.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1175,7 +1175,7 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
11751175

11761176
/* if we race with running work, worst case this work becomes a noop */
11771177
for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
1178-
set_bit(bit, &ifmsh->mbss_changed);
1178+
set_bit(bit, ifmsh->mbss_changed);
11791179
set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
11801180
wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
11811181
}
@@ -1257,7 +1257,7 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
12571257

12581258
/* clear any mesh work (for next join) we may have accrued */
12591259
ifmsh->wrkq_flags = 0;
1260-
ifmsh->mbss_changed = 0;
1260+
memset(ifmsh->mbss_changed, 0, sizeof(ifmsh->mbss_changed));
12611261

12621262
local->fif_other_bss--;
12631263
atomic_dec(&local->iff_allmultis);
@@ -1724,9 +1724,9 @@ static void mesh_bss_info_changed(struct ieee80211_sub_if_data *sdata)
17241724
u32 bit;
17251725
u64 changed = 0;
17261726

1727-
for_each_set_bit(bit, &ifmsh->mbss_changed,
1727+
for_each_set_bit(bit, ifmsh->mbss_changed,
17281728
sizeof(changed) * BITS_PER_BYTE) {
1729-
clear_bit(bit, &ifmsh->mbss_changed);
1729+
clear_bit(bit, ifmsh->mbss_changed);
17301730
changed |= BIT(bit);
17311731
}
17321732

0 commit comments

Comments
 (0)