mac80211: fix mesh id corruption on 32 bit systems

increase size of ifmsh->mbss_changed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 20bd3502d3)
Link: https://github.com/openwrt/openwrt/pull/15836
[Moved the patch to the end of the patch queue]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
Felix Fietkau 2023-09-12 15:17:23 +02:00 committed by Hauke Mehrtens
parent 130aa67675
commit 2b1ed7b33d

View File

@ -0,0 +1,62 @@
From: Felix Fietkau <nbd@nbd.name>
Date: Tue, 12 Sep 2023 15:09:27 +0200
Subject: [PATCH] mac80211: fix mesh id corruption on 32 bit systems
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since the changed field size was increased to u64, mesh_bss_info_changed
pulls invalid bits from the first 3 bytes of the mesh id, clears them, and
passes them on to ieee80211_link_info_change_notify, because
ifmsh->mbss_changed was not updated to match its size.
Fix this by turning into ifmsh->mbss_changed into an unsigned long array with
64 bit size.
Fixes: 15ddba5f4311 ("wifi: mac80211: consistently use u64 for BSS changes")
Reported-by: Thomas Hühn <thomas.huehn@hs-nordhausen.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -680,7 +680,7 @@ struct ieee80211_if_mesh {
struct timer_list mesh_path_root_timer;
unsigned long wrkq_flags;
- unsigned long mbss_changed;
+ unsigned long mbss_changed[64 / BITS_PER_LONG];
bool userspace_handles_dfs;
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1106,7 +1106,7 @@ void ieee80211_mbss_info_change_notify(s
/* if we race with running work, worst case this work becomes a noop */
for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
- set_bit(bit, &ifmsh->mbss_changed);
+ set_bit(bit, ifmsh->mbss_changed);
set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
ieee80211_queue_work(&sdata->local->hw, &sdata->work);
}
@@ -1188,7 +1188,7 @@ void ieee80211_stop_mesh(struct ieee8021
/* clear any mesh work (for next join) we may have accrued */
ifmsh->wrkq_flags = 0;
- ifmsh->mbss_changed = 0;
+ memset(ifmsh->mbss_changed, 0, sizeof(ifmsh->mbss_changed));
local->fif_other_bss--;
atomic_dec(&local->iff_allmultis);
@@ -1653,9 +1653,9 @@ static void mesh_bss_info_changed(struct
struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
u32 bit, changed = 0;
- for_each_set_bit(bit, &ifmsh->mbss_changed,
+ for_each_set_bit(bit, ifmsh->mbss_changed,
sizeof(changed) * BITS_PER_BYTE) {
- clear_bit(bit, &ifmsh->mbss_changed);
+ clear_bit(bit, ifmsh->mbss_changed);
changed |= BIT(bit);
}