Issam Hamdi <ih@xxxxxxxxxxxxxxxxxx> wrote: > diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c > index cb5f16366b9c..39cdbc11f540 100644 > --- a/net/mac80211/mesh.c > +++ b/net/mac80211/mesh.c > @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata, > return; > > /* if we race with running work, worst case this work becomes a noop */ > - for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE) > + for_each_set_bit(bit, &bits, sizeof(bits) * BITS_PER_BYTE) > set_bit(bit, ifmsh->mbss_changed); > set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags); > wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work); The ifmsh->mbss_changed is defined as: unsigned long mbss_changed[64 / BITS_PER_LONG]; It seems like loop of for_each_set_bit() want to copy each bit of changed (u64). When shrink traversal size of for_each_set_bit() from sizeof(changed) to sizeof(bits), upper 32 bits of changed will not be copied to ifmsh->mbss_changed. Will it be a problem?
