From 2b1ed7b33d42637c13947aa32e320ef787bb27cb Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 12 Sep 2023 15:17:23 +0200 Subject: [PATCH] mac80211: fix mesh id corruption on 32 bit systems increase size of ifmsh->mbss_changed Signed-off-by: Felix Fietkau (cherry picked from commit 20bd3502d3a841457cc06b3aa45646258fdcba9e) Link: https://github.com/openwrt/openwrt/pull/15836 [Moved the patch to the end of the patch queue] Signed-off-by: Hauke Mehrtens --- ...mesh-id-corruption-on-32-bit-systems.patch | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 package/kernel/mac80211/patches/subsys/361-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch diff --git a/package/kernel/mac80211/patches/subsys/361-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch b/package/kernel/mac80211/patches/subsys/361-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch new file mode 100644 index 0000000000..4e3cd106d3 --- /dev/null +++ b/package/kernel/mac80211/patches/subsys/361-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch @@ -0,0 +1,62 @@ +From: Felix Fietkau +Date: Tue, 12 Sep 2023 15:09:27 +0200 +Subject: [PATCH] mac80211: fix mesh id corruption on 32 bit systems +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since the changed field size was increased to u64, mesh_bss_info_changed +pulls invalid bits from the first 3 bytes of the mesh id, clears them, and +passes them on to ieee80211_link_info_change_notify, because +ifmsh->mbss_changed was not updated to match its size. +Fix this by turning into ifmsh->mbss_changed into an unsigned long array with +64 bit size. + +Fixes: 15ddba5f4311 ("wifi: mac80211: consistently use u64 for BSS changes") +Reported-by: Thomas Hühn +Signed-off-by: Felix Fietkau +--- + +--- a/net/mac80211/ieee80211_i.h ++++ b/net/mac80211/ieee80211_i.h +@@ -680,7 +680,7 @@ struct ieee80211_if_mesh { + struct timer_list mesh_path_root_timer; + + unsigned long wrkq_flags; +- unsigned long mbss_changed; ++ unsigned long mbss_changed[64 / BITS_PER_LONG]; + + bool userspace_handles_dfs; + +--- a/net/mac80211/mesh.c ++++ b/net/mac80211/mesh.c +@@ -1106,7 +1106,7 @@ void ieee80211_mbss_info_change_notify(s + + /* if we race with running work, worst case this work becomes a noop */ + for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE) +- set_bit(bit, &ifmsh->mbss_changed); ++ set_bit(bit, ifmsh->mbss_changed); + set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags); + ieee80211_queue_work(&sdata->local->hw, &sdata->work); + } +@@ -1188,7 +1188,7 @@ void ieee80211_stop_mesh(struct ieee8021 + + /* clear any mesh work (for next join) we may have accrued */ + ifmsh->wrkq_flags = 0; +- ifmsh->mbss_changed = 0; ++ memset(ifmsh->mbss_changed, 0, sizeof(ifmsh->mbss_changed)); + + local->fif_other_bss--; + atomic_dec(&local->iff_allmultis); +@@ -1653,9 +1653,9 @@ static void mesh_bss_info_changed(struct + struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; + u32 bit, changed = 0; + +- for_each_set_bit(bit, &ifmsh->mbss_changed, ++ for_each_set_bit(bit, ifmsh->mbss_changed, + sizeof(changed) * BITS_PER_BYTE) { +- clear_bit(bit, &ifmsh->mbss_changed); ++ clear_bit(bit, ifmsh->mbss_changed); + changed |= BIT(bit); + } + -- 2.30.2