Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp3018764rdb; Tue, 12 Sep 2023 22:04:09 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH4OgQzsgR9XgAeJc75V2K+cELyoo4YTgmqFXYlQDl/T/4v4DaOLTIF/QQoYiiAQujoZHfa X-Received: by 2002:a1f:e141:0:b0:495:c10c:ec3a with SMTP id y62-20020a1fe141000000b00495c10cec3amr1285634vkg.8.1694581449171; Tue, 12 Sep 2023 22:04:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694581449; cv=none; d=google.com; s=arc-20160816; b=APadaRpLHp4Ppx4eQS6uAJ0VaRosQWn8/oatLvleWHiGbDdW/+LqKEC/zWqBtNTaux bJNdP/yZDThULVUOJnbKmt4XouwwrDl9c9u051+zUWVsYioe/PWMecki90SgAnBOwEvl z+uVEW9uSDRYgIh8eTc6o/6V9NHPHBxLv2oGwIiazg2K17+kRB0yrM2PXR3mU56wf6mS 8K4/J38nBy7TUOEPd+phS7DbBlMnir1B75JY032T0R2dPpwYT6vRJlGttv/MrXfHWKsj Ugg0Mxb7OQHOVLPhomHV6nVmirf1O01/sv8tyyZsw89GfBmz7tpzypNFP8TUPprR5tx4 hQ/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=wmlOjen8EZ0H1IYGCOWIJbnUC4v123gnVqub7GsIlqs=; fh=e94iIUdYXIFjQ3b8VLfiGuzH1HlmONpparxmIvTLErA=; b=IFqNW3srD6sqe+CR7EtWtUanW3bVpYK4xQiAwaePJTVTQPvOnTvCi3ghTORubiNBph W9O6oIxQ1nyVl/2DBSQo6RkWDEfkhshWapDgqeMdKbir9PA56WgW9U72wlMS75o7ybf6 5yGT88BV/tMYuQXf0IFr3pMXHcabIAvo440YY0tGM9Rhp5aH9i9H6eLI6oBeyZCPCF8Q X+I0BswYB1wdL0Ks8YJpivafWkd64gXNhHcWx8aFtiBSrTxKYtmbbznFy3+ZHrfYM2BP p/F/+qKpv1uvyxcmehjmkgi4PW8E6Qz5IrELQmgVAwyCyFPxqgKVfdtpQ9I9ICiCVZk7 imHg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=d22cujY+; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Return-Path: Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id u3-20020a656703000000b005649893593dsi9250450pgf.880.2023.09.12.22.04.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Sep 2023 22:04:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=d22cujY+; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id EC3BB80236CA; Tue, 12 Sep 2023 22:02:50 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238296AbjIMFBm (ORCPT + 56 others); Wed, 13 Sep 2023 01:01:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41260 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230127AbjIMFBm (ORCPT ); Wed, 13 Sep 2023 01:01:42 -0400 Received: from nbd.name (nbd.name [46.4.11.11]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 08B7B172A for ; Tue, 12 Sep 2023 22:01:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbd.name; s=20160729; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=wmlOjen8EZ0H1IYGCOWIJbnUC4v123gnVqub7GsIlqs=; b=d22cujY+6aaFp8LCiLyJW5IgDY M5j/GS9iK2cXmTma8xiKQbRr5t6GXy1AJvCiXRT7lGgTY7tVZ4W8fWNzb9awtSM6UU9c7eTkyeBaQ /Ls2zuhbj62MnsKJISMXWl41Unk52BnhzH4HfRYxXBHjs8Sigw6EbggveEfcT8W89hWc=; Received: from p4ff13705.dip0.t-ipconnect.de ([79.241.55.5] helo=localhost.localdomain) by ds12 with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Exim 4.94.2) (envelope-from ) id 1qgI0M-001FPU-RD; Wed, 13 Sep 2023 07:01:34 +0200 From: Felix Fietkau To: linux-wireless@vger.kernel.org Cc: johannes@sipsolutions.net, pagadala.yesu.anjaneyulu@intel.com, =?UTF-8?q?Thomas=20H=C3=BChn?= Subject: [PATCH wireless] wifi: mac80211: fix mesh id corruption on 32 bit systems Date: Wed, 13 Sep 2023 07:01:34 +0200 Message-ID: <20230913050134.53536-1-nbd@nbd.name> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Tue, 12 Sep 2023 22:02:51 -0700 (PDT) X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Since the changed field size was increased to u64, mesh_bss_info_changed pulls invalid bits from the first 3 bytes of the mesh id, clears them, and passes them on to ieee80211_link_info_change_notify, because ifmsh->mbss_changed was not updated to match its size. Fix this by turning into ifmsh->mbss_changed into an unsigned long array with 64 bit size. Fixes: 15ddba5f4311 ("wifi: mac80211: consistently use u64 for BSS changes") Reported-by: Thomas Hühn Signed-off-by: Felix Fietkau --- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/mesh.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index b8465d205076..3c5dbf95685d 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -682,7 +682,7 @@ struct ieee80211_if_mesh { struct timer_list mesh_path_root_timer; unsigned long wrkq_flags; - unsigned long mbss_changed; + unsigned long mbss_changed[64 / BITS_PER_LONG]; bool userspace_handles_dfs; diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index 0d0fbae51b61..092a1dc7314d 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -1175,7 +1175,7 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata, /* if we race with running work, worst case this work becomes a noop */ for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE) - set_bit(bit, &ifmsh->mbss_changed); + set_bit(bit, ifmsh->mbss_changed); set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags); wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work); } @@ -1257,7 +1257,7 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata) /* clear any mesh work (for next join) we may have accrued */ ifmsh->wrkq_flags = 0; - ifmsh->mbss_changed = 0; + memset(ifmsh->mbss_changed, 0, sizeof(ifmsh->mbss_changed)); local->fif_other_bss--; atomic_dec(&local->iff_allmultis); @@ -1722,9 +1722,9 @@ static void mesh_bss_info_changed(struct ieee80211_sub_if_data *sdata) u32 bit; u64 changed = 0; - for_each_set_bit(bit, &ifmsh->mbss_changed, + for_each_set_bit(bit, ifmsh->mbss_changed, sizeof(changed) * BITS_PER_BYTE) { - clear_bit(bit, &ifmsh->mbss_changed); + clear_bit(bit, ifmsh->mbss_changed); changed |= BIT(bit); } -- 2.41.0