Zong-Zhe Yang <kevin_yang@xxxxxxxxxxx> wrote:
> Ping-Ke Shih <pkshih@xxxxxxxxxxx> wrote:
> >
> > Issam Hamdi <ih@xxxxxxxxxxxxxxxxxx> wrote:
> > > diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index
> > > cb5f16366b9c..39cdbc11f540 100644
> > > --- a/net/mac80211/mesh.c
> > > +++ b/net/mac80211/mesh.c
> > > @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct
> > ieee80211_sub_if_data *sdata,
> > > return;
> > >
> > > /* if we race with running work, worst case this work becomes a noop */
> > > - for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
> > > + for_each_set_bit(bit, &bits, sizeof(bits) * BITS_PER_BYTE)
> > > set_bit(bit, ifmsh->mbss_changed);
> > > set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
> > > wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
> >
> > The ifmsh->mbss_changed is defined as:
> > unsigned long mbss_changed[64 / BITS_PER_LONG];
> >
> > It seems like loop of for_each_set_bit() want to copy each bit of changed (u64).
> > When shrink traversal size of for_each_set_bit() from sizeof(changed) to sizeof(bits), upper 32
> > bits of changed will not be copied to ifmsh->mbss_changed.
> > Will it be a problem?
> >
>
> On 32-bit system, the upper 32 bits seem already lost when "unsigned long bits = changed". (no matter what
> the traversal size it is)
> IIUC, this patch is going to prevent traversal of "bits" from getting out-of-bound.
>
> But perhaps, "unsigned long bits[] = { BITMAP_FROM_U64(changed) }" would be better.
> Then, traversal size can keep as before.

BITMAP_FROM_U64() looks like a good idea.
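
Review bot: In the changed for_each_set_bit() line, bounding the traversal by sizeof(bits) keeps the read inside the single unsigned long, but it leaves the truncation in place: the thread states that changed is a u64 and that ifmsh->mbss_changed is sized for 64 bits, so where unsigned long is 32 bits the upper 32 bits of changed never reach mbss_changed. Consider declaring `unsigned long bits[] = { BITMAP_FROM_U64(changed) }`, as proposed in the reply, and keeping `sizeof(changed) * BITS_PER_BYTE` as the traversal size, so the loop stays in bounds without dropping bits. If the truncation is intentional, a comment next to the loop saying so would help.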
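
The difference discussed in the replies above, as an added userspace model that is not code from the thread or from the kernel: `word_t`, `copy_set_bits()` and the two `notify_*` functions are hypothetical stand-ins, with `word_t` playing the role of `unsigned long` on a 32-bit system.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: word_t models "unsigned long" on a 32-bit kernel. */
typedef uint32_t word_t;
#define WORD_BITS  32
#define MBSS_WORDS (64 / WORD_BITS) /* mirrors mbss_changed[64 / BITS_PER_LONG] */

/* Model of the for_each_set_bit() + set_bit() loop over src[0..nbits). */
static void copy_set_bits(const word_t *src, unsigned nbits, word_t *dst)
{
    for (unsigned bit = 0; bit < nbits; bit++)
        if (src[bit / WORD_BITS] & ((word_t)1 << (bit % WORD_BITS)))
            dst[bit / WORD_BITS] |= (word_t)1 << (bit % WORD_BITS);
}

/* Patched form: "unsigned long bits = changed", bound = sizeof(bits) * 8. */
static uint64_t notify_single_word(uint64_t changed)
{
    word_t bits = (word_t)changed; /* upper 32 bits are dropped here */
    word_t mbss_changed[MBSS_WORDS] = {0};
    copy_set_bits(&bits, sizeof(bits) * 8, mbss_changed);
    return ((uint64_t)mbss_changed[1] << 32) | mbss_changed[0];
}

/* Suggested form: bits[] = { BITMAP_FROM_U64(changed) }, bound = sizeof(changed) * 8. */
static uint64_t notify_bitmap_from_u64(uint64_t changed)
{
    /* With 32-bit longs, BITMAP_FROM_U64() yields the low word, then the high word. */
    word_t bits[] = { (word_t)changed, (word_t)(changed >> 32) };
    word_t mbss_changed[MBSS_WORDS] = {0};
    copy_set_bits(bits, sizeof(changed) * 8, mbss_changed);
    return ((uint64_t)mbss_changed[1] << 32) | mbss_changed[0];
}

int main(void)
{
    uint64_t changed = 0x0000000100000004ULL; /* constructed sample: bits 2 and 32 */
    printf("single word:     %#llx\n", (unsigned long long)notify_single_word(changed));
    printf("BITMAP_FROM_U64: %#llx\n", (unsigned long long)notify_bitmap_from_u64(changed));
    return 0;
}
```

Both variants keep the traversal inside the source array; only the second carries bit 32 into the destination bitmap.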