From: Ping-Ke Shih <pkshih@realtek.com>
To: Zong-Zhe Yang <kevin_yang@realtek.com>,
Issam Hamdi <ih@simonwunderlich.de>,
"johannes@sipsolutions.net" <johannes@sipsolutions.net>
Cc: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
"sw@simonwunderlich.de" <sw@simonwunderlich.de>,
Kretschmer Mathias <mathias.kretschmer@fit.fraunhofer.de>
Subject: RE: [PATCH] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
Date: Thu, 7 Nov 2024 05:15:15 +0000
Message-ID: <0e4d1faeb9f7420789ee1c958d65c101@realtek.com>
In-Reply-To: <1ac0dcb7311e4851abdd15f3dd55cb6a@realtek.com>
Zong-Zhe Yang <kevin_yang@realtek.com> wrote:
> Ping-Ke Shih <pkshih@realtek.com> wrote:
> >
> > Issam Hamdi <ih@simonwunderlich.de> wrote:
> > > diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index
> > > cb5f16366b9c..39cdbc11f540 100644
> > > --- a/net/mac80211/mesh.c
> > > +++ b/net/mac80211/mesh.c
> > > @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct
> > ieee80211_sub_if_data *sdata,
> > > return;
> > >
> > > /* if we race with running work, worst case this work becomes a noop */
> > > - for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
> > > + for_each_set_bit(bit, &bits, sizeof(bits) * BITS_PER_BYTE)
> > > set_bit(bit, ifmsh->mbss_changed);
> > > set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
> > > wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
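Review bot: on the changed for_each_set_bit() line, sizing the walk by sizeof(bits) keeps the traversal inside bits, but bits is still a single unsigned long, so on 32-bit any flag in the upper half of the u64 changed never reaches ifmsh->mbss_changed. Consider making bits a bitmap built from changed (for example with BITMAP_FROM_U64(changed)) and keeping the 64-bit traversal, so the source matches the 64-bit layout of mbss_changed.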
> >
> > The ifmsh->mbss_changed is defined as:
> > unsigned long mbss_changed[64 / BITS_PER_LONG];
> >
> > It seems like the loop of for_each_set_bit() wants to copy each bit of changed (u64).
> > When shrinking the traversal size of for_each_set_bit() from sizeof(changed) to sizeof(bits), the upper 32
> > bits of changed will not be copied to ifmsh->mbss_changed.
> > Will it be a problem?
> >
>
> On a 32-bit system, the upper 32 bits seem already lost when "unsigned long bits = changed" (no matter what
> the traversal size is).
> IIUC, this patch is going to prevent traversal of "bits" from going out of bounds.
>
> But perhaps, "unsigned long bits[] = { BITMAP_FROM_U64(changed) }" would be better.
> Then the traversal size can be kept as before.
BITMAP_FROM_U64() looks like a good idea.
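
The three shapes discussed in this thread, as an added user-space model that is not code from the thread or from the kernel: a 32-bit unsigned long is modeled with uint32_t, and word_t, copy_set_bits(), notify_one_word() and notify_split() are hypothetical names. It shows the 64-bit walk over one word being out of bounds, the 32-bit walk dropping the upper flags, and the two-word split keeping them.

```c
#include <stdint.h>
#include <stdio.h>
/* Model of a 32-bit build: one bitmap word ("unsigned long") is 32 bits. */
typedef uint32_t word_t;
#define WORD_BITS 32u
#define MBSS_WORDS (64u / WORD_BITS) /* like mbss_changed[64 / BITS_PER_LONG] */

/* Stand-in for for_each_set_bit() + set_bit(): copy the set bits of src into
 * dst. Returns the number of bits copied, or -1 when nbits would make the
 * traversal read past the src_words words that src really has. */
static int copy_set_bits(word_t *dst, const word_t *src,
                         unsigned src_words, unsigned nbits)
{
    int copied = 0;
    if (nbits > src_words * WORD_BITS)
        return -1;
    for (unsigned bit = 0; bit < nbits; bit++) {
        word_t mask = (word_t)1 << (bit % WORD_BITS);
        if (src[bit / WORD_BITS] & mask) {
            dst[bit / WORD_BITS] |= mask;
            copied++;
        }
    }
    return copied;
}

/* One-word copy of changed; nbits is the traversal size under discussion. */
static int notify_one_word(word_t *mbss, uint64_t changed, unsigned nbits)
{
    word_t bits = (word_t)changed; /* upper 32 bits are dropped here */
    return copy_set_bits(mbss, &bits, 1, nbits);
}

/* Two-word split, the layout BITMAP_FROM_U64() produces on 32-bit. */
static int notify_split(word_t *mbss, uint64_t changed)
{
    word_t bits[MBSS_WORDS] = { (word_t)changed, (word_t)(changed >> 32) };
    return copy_set_bits(mbss, bits, MBSS_WORDS, 64);
}

int main(void)
{
    uint64_t changed = (1ULL << 40) | (1ULL << 3); /* constructed flags */
    word_t a[MBSS_WORDS] = {0}, b[MBSS_WORDS] = {0};
    printf("64-bit walk, one word: %d\n", notify_one_word(a, changed, 64));
    printf("32-bit walk, one word: %d\n", notify_one_word(a, changed, 32));
    printf("64-bit walk, split:    %d\n", notify_split(b, changed));
    return 0;
}
```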