mac80211: fix mesh id corruption on 32 bit systems

increase size of ifmsh->mbss_changed

Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/package/kernel/mac80211/patches/subsys/311-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch b/package/kernel/mac80211/patches/subsys/311-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch
new file mode 100644 (file)
index 0000000..c0c774a
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/311-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch
@@ -0,0 +1,62 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 12 Sep 2023 15:09:27 +0200
+Subject: [PATCH] mac80211: fix mesh id corruption on 32 bit systems
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since the changed field size was increased to u64, mesh_bss_info_changed
+pulls invalid bits from the first 3 bytes of the mesh id, clears them, and
+passes them on to ieee80211_link_info_change_notify, because
+ifmsh->mbss_changed was not updated to match its size.
+Fix this by turning into ifmsh->mbss_changed into an unsigned long array with
+64 bit size.
+
+Fixes: 15ddba5f4311 ("wifi: mac80211: consistently use u64 for BSS changes")
+Reported-by: Thomas Hühn <thomas.huehn@hs-nordhausen.de>
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -678,7 +678,7 @@ struct ieee80211_if_mesh {
+       struct timer_list mesh_path_root_timer;
+ 
+       unsigned long wrkq_flags;
+-      unsigned long mbss_changed;
++      unsigned long mbss_changed[64 / BITS_PER_LONG];
+ 
+       bool userspace_handles_dfs;
+ 
+--- a/net/mac80211/mesh.c
++++ b/net/mac80211/mesh.c
+@@ -1181,7 +1181,7 @@ void ieee80211_mbss_info_change_notify(s
+ 
+       /* if we race with running work, worst case this work becomes a noop */
+       for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
+-              set_bit(bit, &ifmsh->mbss_changed);
++              set_bit(bit, ifmsh->mbss_changed);
+       set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
+       wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
+ }
+@@ -1263,7 +1263,7 @@ void ieee80211_stop_mesh(struct ieee8021
+ 
+       /* clear any mesh work (for next join) we may have accrued */
+       ifmsh->wrkq_flags = 0;
+-      ifmsh->mbss_changed = 0;
++      memset(ifmsh->mbss_changed, 0, sizeof(ifmsh->mbss_changed));
+ 
+       local->fif_other_bss--;
+       atomic_dec(&local->iff_allmultis);
+@@ -1730,9 +1730,9 @@ static void mesh_bss_info_changed(struct
+       u32 bit;
+       u64 changed = 0;
+ 
+-      for_each_set_bit(bit, &ifmsh->mbss_changed,
++      for_each_set_bit(bit, ifmsh->mbss_changed,
+                        sizeof(changed) * BITS_PER_BYTE) {
+-              clear_bit(bit, &ifmsh->mbss_changed);
++              clear_bit(bit, ifmsh->mbss_changed);
+               changed |= BIT(bit);
+       }
+