recipes-wifi/linux-mac80211/files/patches-6.x/subsys/311-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch - filogic/rdk-b/meta-filogic - Gitiles

 From: Felix Fietkau <nbd@nbd.name>
 Date: Tue, 12 Sep 2023 15:09:27 +0200
 Subject: [PATCH] mac80211: fix mesh id corruption on 32 bit systems
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 Since the changed field size was increased to u64, mesh_bss_info_changed
 pulls invalid bits from the first 3 bytes of the mesh id, clears them, and
 passes them on to ieee80211_link_info_change_notify, because
 ifmsh->mbss_changed was not updated to match its size.
 Fix this by turning into ifmsh->mbss_changed into an unsigned long array with
 64 bit size.

 Fixes: 15ddba5f4311 ("wifi: mac80211: consistently use u64 for BSS changes")
 Reported-by: Thomas Hühn <thomas.huehn@hs-nordhausen.de>
 Signed-off-by: Felix Fietkau <nbd@nbd.name>
 ---

 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
 @@ -678,7 +678,7 @@ struct ieee80211_if_mesh {
  	struct timer_list mesh_path_root_timer;

  	unsigned long wrkq_flags;
 -	unsigned long mbss_changed;
 +	unsigned long mbss_changed[64 / BITS_PER_LONG];

  	bool userspace_handles_dfs;

 --- a/net/mac80211/mesh.c
 +++ b/net/mac80211/mesh.c
 @@ -1181,7 +1181,7 @@ void ieee80211_mbss_info_change_notify(s

  	/* if we race with running work, worst case this work becomes a noop */
  	for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
 -		set_bit(bit, &ifmsh->mbss_changed);
 +		set_bit(bit, ifmsh->mbss_changed);
  	set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
  	wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
  }
 @@ -1263,7 +1263,7 @@ void ieee80211_stop_mesh(struct ieee8021

  	/* clear any mesh work (for next join) we may have accrued */
  	ifmsh->wrkq_flags = 0;
 -	ifmsh->mbss_changed = 0;
 +	memset(ifmsh->mbss_changed, 0, sizeof(ifmsh->mbss_changed));

  	local->fif_other_bss--;
  	atomic_dec(&local->iff_allmultis);
 @@ -1730,9 +1730,9 @@ static void mesh_bss_info_changed(struct
  	u32 bit;
  	u64 changed = 0;

 -	for_each_set_bit(bit, &ifmsh->mbss_changed,
 +	for_each_set_bit(bit, ifmsh->mbss_changed,
  			 sizeof(changed) * BITS_PER_BYTE) {
 -		clear_bit(bit, &ifmsh->mbss_changed);
 +		clear_bit(bit, ifmsh->mbss_changed);
  		changed |= BIT(bit);
  	}
	From: Felix Fietkau <nbd@nbd.name>
	Date: Tue, 12 Sep 2023 15:09:27 +0200
	Subject: [PATCH] mac80211: fix mesh id corruption on 32 bit systems
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	Since the changed field size was increased to u64, mesh_bss_info_changed
	pulls invalid bits from the first 3 bytes of the mesh id, clears them, and
	passes them on to ieee80211_link_info_change_notify, because
	ifmsh->mbss_changed was not updated to match its size.
	Fix this by turning into ifmsh->mbss_changed into an unsigned long array with
	64 bit size.

	Fixes: 15ddba5f4311 ("wifi: mac80211: consistently use u64 for BSS changes")
	Reported-by: Thomas Hühn <thomas.huehn@hs-nordhausen.de>
	Signed-off-by: Felix Fietkau <nbd@nbd.name>
	---

	--- a/net/mac80211/ieee80211_i.h
	+++ b/net/mac80211/ieee80211_i.h
	@@ -678,7 +678,7 @@ struct ieee80211_if_mesh {
	struct timer_list mesh_path_root_timer;

	unsigned long wrkq_flags;
	- unsigned long mbss_changed;
	+ unsigned long mbss_changed[64 / BITS_PER_LONG];

	bool userspace_handles_dfs;

	--- a/net/mac80211/mesh.c
	+++ b/net/mac80211/mesh.c
	@@ -1181,7 +1181,7 @@ void ieee80211_mbss_info_change_notify(s

	/* if we race with running work, worst case this work becomes a noop */
	for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
	- set_bit(bit, &ifmsh->mbss_changed);
	+ set_bit(bit, ifmsh->mbss_changed);
	set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
	wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
	}
	@@ -1263,7 +1263,7 @@ void ieee80211_stop_mesh(struct ieee8021

	/* clear any mesh work (for next join) we may have accrued */
	ifmsh->wrkq_flags = 0;
	- ifmsh->mbss_changed = 0;
	+ memset(ifmsh->mbss_changed, 0, sizeof(ifmsh->mbss_changed));

	local->fif_other_bss--;
	atomic_dec(&local->iff_allmultis);
	@@ -1730,9 +1730,9 @@ static void mesh_bss_info_changed(struct
	u32 bit;
	u64 changed = 0;

	- for_each_set_bit(bit, &ifmsh->mbss_changed,
	+ for_each_set_bit(bit, ifmsh->mbss_changed,
	sizeof(changed) * BITS_PER_BYTE) {
	- clear_bit(bit, &ifmsh->mbss_changed);
	+ clear_bit(bit, ifmsh->mbss_changed);
	changed \|= BIT(bit);
	}