Ping-Ke Shih <pkshih@xxxxxxxxxxx> wrote:
> > Issam Hamdi <ih@xxxxxxxxxxxxxxxxxx> wrote:
> > diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index > > cb5f16366b9c..39cdbc11f540 100644 > > --- a/net/mac80211/mesh.c > > +++ b/net/mac80211/mesh.c > > @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct > ieee80211_sub_if_data *sdata, > > return; > > > > /* if we race with running work, worst case this work becomes a noop */ > > - for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE) > > + for_each_set_bit(bit, &bits, sizeof(bits) * BITS_PER_BYTE) > > set_bit(bit, ifmsh->mbss_changed); > > set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags); > > wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
> >
> The ifmsh->mbss_changed is defined as:
> unsigned long mbss_changed[64 / BITS_PER_LONG];
>
> It seems like the loop of for_each_set_bit() wants to copy each bit of changed (u64).
> When shrinking the traversal size of for_each_set_bit() from sizeof(changed) to sizeof(bits), the upper 32
> bits of changed will not be copied to ifmsh->mbss_changed.
> Will it be a problem?
>

On a 32-bit system, the upper 32 bits seem already lost when "unsigned long bits = changed" (no matter what the traversal size is).

IIUC, this patch is going to prevent traversal of "bits" from getting out of bounds. But perhaps "unsigned long bits[] = { BITMAP_FROM_U64(changed) }" would be better. Then the traversal size can be kept as before.
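
Review bot: In the changed for_each_set_bit() line, sizing the walk by sizeof(bits) keeps the scan inside the one unsigned long, but on a 32-bit build that is only 32 bits, so any flag in the upper half of the u64 changed is never set in ifmsh->mbss_changed, which the thread shows is declared to hold 64 bits (unsigned long mbss_changed[64 / BITS_PER_LONG]). The truncation happens at the assignment to bits, so the new length only makes it consistent rather than fixing it. Consider declaring the source as a bitmap wide enough for the whole value, for example unsigned long bits[] = { BITMAP_FROM_U64(changed) }, passing bits instead of &bits, and keeping sizeof(changed) * BITS_PER_BYTE as the length. If dropping the upper bits on 32-bit is intended, say so in the commit message and in a comment next to the loop.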