Patch "wifi: mac80211: fix mbss changed flags corruption on 32 bit systems" has been added to the 6.6-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     wifi-mac80211-fix-mbss-changed-flags-corruption-on-3.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 0cf4b2a12062d6dcbafb37c4f190ebdfdfc97e5f
Author: Issam Hamdi <ih@xxxxxxxxxxxxxxxxxx>
Date:   Mon Nov 25 17:29:20 2024 +0100

    wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
    
    [ Upstream commit 49dba1ded8dd5a6a12748631403240b2ab245c34 ]
    
    On 32-bit systems, the size of an unsigned long is 4 bytes,
    while a u64 is 8 bytes. Therefore, when using
    or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE),
    the code is incorrectly searching for a bit in a 32-bit
    variable that is expected to be 64 bits in size,
    leading to incorrect bit finding.
    
    Solution: Ensure that the size of the bits variable is correctly
    adjusted for each architecture.
    
     Call Trace:
      ? show_regs+0x54/0x58
      ? __warn+0x6b/0xd4
      ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
      ? report_bug+0x113/0x150
      ? exc_overflow+0x30/0x30
      ? handle_bug+0x27/0x44
      ? exc_invalid_op+0x18/0x50
      ? handle_exception+0xf6/0xf6
      ? exc_overflow+0x30/0x30
      ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
      ? exc_overflow+0x30/0x30
      ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
      ? ieee80211_mesh_work+0xff/0x260 [mac80211]
      ? cfg80211_wiphy_work+0x72/0x98 [cfg80211]
      ? process_one_work+0xf1/0x1fc
      ? worker_thread+0x2c0/0x3b4
      ? kthread+0xc7/0xf0
      ? mod_delayed_work_on+0x4c/0x4c
      ? kthread_complete_and_exit+0x14/0x14
      ? ret_from_fork+0x24/0x38
      ? kthread_complete_and_exit+0x14/0x14
      ? ret_from_fork_asm+0xf/0x14
      ? entry_INT80_32+0xf0/0xf0
    
    Signed-off-by: Issam Hamdi <ih@xxxxxxxxxxxxxxxxxx>
    Link: https://patch.msgid.link/20241125162920.2711462-1-ih@xxxxxxxxxxxxxxxxxx
    [restore no-op path for no changes]
    Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 25223184d6e5..a5e7edd2f2d1 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1173,14 +1173,14 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
 				       u64 changed)
 {
 	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
-	unsigned long bits = changed;
+	unsigned long bits[] = { BITMAP_FROM_U64(changed) };
 	u32 bit;
 
-	if (!bits)
+	if (!changed)
 		return;
 
 	/* if we race with running work, worst case this work becomes a noop */
-	for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
+	for_each_set_bit(bit, bits, sizeof(changed) * BITS_PER_BYTE)
 		set_bit(bit, ifmsh->mbss_changed);
 	set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
 	wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux