[PATCH] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[PATCH] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Issam Hamdi]

On 32-bit systems, the size of an unsigned long is 4 bytes,
while a u64 is 8 bytes. Therefore, when using
or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE),
the code is incorrectly searching for a bit in a 32-bit
variable that is expected to be 64 bits in size,
leading to incorrect bit finding.

Solution: Ensure that the size of the bits variable is correctly
adjusted for each architecture.

 Call Trace:
  ? show_regs+0x54/0x58
  ? __warn+0x6b/0xd4
  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
  ? report_bug+0x113/0x150
  ? exc_overflow+0x30/0x30
  ? handle_bug+0x27/0x44
  ? exc_invalid_op+0x18/0x50
  ? handle_exception+0xf6/0xf6
  ? exc_overflow+0x30/0x30
  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
  ? exc_overflow+0x30/0x30
  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
  ? ieee80211_mesh_work+0xff/0x260 [mac80211]
  ? cfg80211_wiphy_work+0x72/0x98 [cfg80211]
  ? process_one_work+0xf1/0x1fc
  ? worker_thread+0x2c0/0x3b4
  ? kthread+0xc7/0xf0
  ? mod_delayed_work_on+0x4c/0x4c
  ? kthread_complete_and_exit+0x14/0x14
  ? ret_from_fork+0x24/0x38
  ? kthread_complete_and_exit+0x14/0x14
  ? ret_from_fork_asm+0xf/0x14
  ? entry_INT80_32+0xf0/0xf0

Reported-by: Kretschmer Mathias <mathias.kretschmer@fit.fraunhofer.de>
Signed-off-by: Issam Hamdi <ih@simonwunderlich.de>
---
 net/mac80211/mesh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index cb5f16366b9c..39cdbc11f540 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
 		return;
 
 	/* if we race with running work, worst case this work becomes a noop */
-	for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
+	for_each_set_bit(bit, &bits, sizeof(bits) * BITS_PER_BYTE)
 		set_bit(bit, ifmsh->mbss_changed);
 	set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
 	wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);

base-commit: 2b94751626a6d49bbe42a19cc1503bd391016bd5
-- 
2.39.2

Re: [PATCH] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Johannes Berg]

On Mon, 2024-11-04 at 18:24 +0100, Issam Hamdi wrote:
> On 32-bit systems, the size of an unsigned long is 4 bytes,

yes

> while a u64 is 8 bytes.

yes


> Therefore, when using
> or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE),
> the code is incorrectly searching for a bit in a 32-bit
> variable that is expected to be 64 bits in size,
> leading to incorrect bit finding.

No.

> +++ b/net/mac80211/mesh.c
> @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,

You evidently have _hundreds_ of out-of-tree lines, probably some of
those cause this bug too.

johannes

Re: [PATCH] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Johannes Berg]

On Wed, 2024-11-06 at 12:09 +0100, Johannes Berg wrote:
> 
> > +++ b/net/mac80211/mesh.c
> > @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
> 
> You evidently have _hundreds_ of out-of-tree lines, probably some of
> those cause this bug too.

Ahrg, sorry, no. I take it all back, I was looking at the completely
wrong tree by accident.

Still this seems like the wrong fix, it would be better to take care of
all the 64 bits?

johannes

Re: [PATCH] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Johannes Berg]

On Wed, 2024-11-06 at 12:11 +0100, Johannes Berg wrote:
> On Wed, 2024-11-06 at 12:09 +0100, Johannes Berg wrote:
> > 
> > > +++ b/net/mac80211/mesh.c
> > > @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
> > 
> > You evidently have _hundreds_ of out-of-tree lines, probably some of
> > those cause this bug too.
> 
> Ahrg, sorry, no. I take it all back, I was looking at the completely
> wrong tree by accident.
> 
> Still this seems like the wrong fix, it would be better to take care of
> all the 64 bits?
> 

Also, a Fixes: tag would be nice.

johannes

RE: [PATCH] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Ping-Ke Shih]

Issam Hamdi <ih@simonwunderlich.de> wrote:
> diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
> index cb5f16366b9c..39cdbc11f540 100644
> --- a/net/mac80211/mesh.c
> +++ b/net/mac80211/mesh.c
> @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
>                 return;
> 
>         /* if we race with running work, worst case this work becomes a noop */
> -       for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
> +       for_each_set_bit(bit, &bits, sizeof(bits) * BITS_PER_BYTE)
>                 set_bit(bit, ifmsh->mbss_changed);
>         set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
>         wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);

The ifmsh->mbss_changed is defined as:
	unsigned long mbss_changed[64 / BITS_PER_LONG];

It seems like loop of for_each_set_bit() want to copy each bit of changed (u64). 
When shrink traversal size of for_each_set_bit() from sizeof(changed) to sizeof(bits), 
upper 32 bits of changed will not be copied to ifmsh->mbss_changed.
Will it be a problem?

RE: [PATCH] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Zong-Zhe Yang]

Ping-Ke Shih <pkshih@realtek.com> wrote:
> 
> Issam Hamdi <ih@simonwunderlich.de> wrote:
> > diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index
> > cb5f16366b9c..39cdbc11f540 100644
> > --- a/net/mac80211/mesh.c
> > +++ b/net/mac80211/mesh.c
> > @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct
> ieee80211_sub_if_data *sdata,
> >                 return;
> >
> >         /* if we race with running work, worst case this work becomes a noop */
> > -       for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
> > +       for_each_set_bit(bit, &bits, sizeof(bits) * BITS_PER_BYTE)
> >                 set_bit(bit, ifmsh->mbss_changed);
> >         set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
> >         wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
> 
> The ifmsh->mbss_changed is defined as:
> 	unsigned long mbss_changed[64 / BITS_PER_LONG];
> 
> It seems like loop of for_each_set_bit() want to copy each bit of changed (u64).
> When shrink traversal size of for_each_set_bit() from sizeof(changed) to sizeof(bits), upper 32
> bits of changed will not be copied to ifmsh->mbss_changed.
> Will it be a problem?
> 

On 32-bit system, the upper 32 bits seem already lost when "unsigned long bits = changed". (no matter what the traversal size it is)
IIUC, this patch is going to prevent traversal of "bits" from getting out-of-bound.

But perhaps, "unsigned long bits[] = { BITMAP_FROM_U64(changed) }" would be better.
Then, traversal size can keep as before.

RE: [PATCH] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Ping-Ke Shih]

Zong-Zhe Yang <kevin_yang@realtek.com> wrote:
> Ping-Ke Shih <pkshih@realtek.com> wrote:
> >
> > Issam Hamdi <ih@simonwunderlich.de> wrote:
> > > diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index
> > > cb5f16366b9c..39cdbc11f540 100644
> > > --- a/net/mac80211/mesh.c
> > > +++ b/net/mac80211/mesh.c
> > > @@ -1164,7 +1164,7 @@ void ieee80211_mbss_info_change_notify(struct
> > ieee80211_sub_if_data *sdata,
> > >                 return;
> > >
> > >         /* if we race with running work, worst case this work becomes a noop */
> > > -       for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
> > > +       for_each_set_bit(bit, &bits, sizeof(bits) * BITS_PER_BYTE)
> > >                 set_bit(bit, ifmsh->mbss_changed);
> > >         set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
> > >         wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
> >
> > The ifmsh->mbss_changed is defined as:
> > 	unsigned long mbss_changed[64 / BITS_PER_LONG];
> >
> > It seems like loop of for_each_set_bit() want to copy each bit of changed (u64).
> > When shrink traversal size of for_each_set_bit() from sizeof(changed) to sizeof(bits), upper 32
> > bits of changed will not be copied to ifmsh->mbss_changed.
> > Will it be a problem?
> >
> 
> On 32-bit system, the upper 32 bits seem already lost when "unsigned long bits = changed". (no matter what
> the traversal size it is)
> IIUC, this patch is going to prevent traversal of "bits" from getting out-of-bound.
> 
> But perhaps, "unsigned long bits[] = { BITMAP_FROM_U64(changed) }" would be better.
> Then, traversal size can keep as before.

BITMAP_FROM_U64() looks like a good idea. 

[PATCH v2] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Issam Hamdi]

On 32-bit systems, the size of an unsigned long is 4 bytes,
while a u64 is 8 bytes. Therefore, when using
or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE),
the code is incorrectly searching for a bit in a 32-bit
variable that is expected to be 64 bits in size,
leading to incorrect bit finding.

Solution: Ensure that the size of the bits variable is correctly
adjusted for each architecture by use BITMAP_FROM_U64().

 Call Trace:
  ? show_regs+0x54/0x58
  ? __warn+0x6b/0xd4
  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
  ? report_bug+0x113/0x150
  ? exc_overflow+0x30/0x30
  ? handle_bug+0x27/0x44
  ? exc_invalid_op+0x18/0x50
  ? handle_exception+0xf6/0xf6
  ? exc_overflow+0x30/0x30
  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
  ? exc_overflow+0x30/0x30
  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
  ? ieee80211_mesh_work+0xff/0x260 [mac80211]
  ? cfg80211_wiphy_work+0x72/0x98 [cfg80211]
  ? process_one_work+0xf1/0x1fc
  ? worker_thread+0x2c0/0x3b4
  ? kthread+0xc7/0xf0
  ? mod_delayed_work_on+0x4c/0x4c
  ? kthread_complete_and_exit+0x14/0x14
  ? ret_from_fork+0x24/0x38
  ? kthread_complete_and_exit+0x14/0x14
  ? ret_from_fork_asm+0xf/0x14
  ? entry_INT80_32+0xf0/0xf0

Reported-by: Kretschmer Mathias <mathias.kretschmer@fit.fraunhofer.de>
Signed-off-by: Issam Hamdi <ih@simonwunderlich.de>
---
Changes in v2:
- Use BITMAP_FROM_U64() to map all the 64 bits.
- Update the commit description.
---
 net/mac80211/mesh.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index cb5f16366b9c..e420eb4797a8 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1157,14 +1157,14 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
 				       u64 changed)
 {
 	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
-	unsigned long bits = changed;
+	unsigned long bits[] = { BITMAP_FROM_U64(changed) };
 	u32 bit;
 
 	if (!bits)
 		return;
 
 	/* if we race with running work, worst case this work becomes a noop */
-	for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
+	for_each_set_bit(bit, bits, sizeof(changed) * BITS_PER_BYTE)
 		set_bit(bit, ifmsh->mbss_changed);
 	set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
 	wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);

base-commit: dfc14664794a4706e0c2186a0c082386e6b14c4d
-- 
2.39.2

Re: [PATCH v2] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[James Dutton]

On Mon, 18 Nov 2024 at 12:56, Issam Hamdi <ih@simonwunderlich.de> wrote:
> ---
> Changes in v2:
> - Use BITMAP_FROM_U64() to map all the 64 bits.
> - Update the commit description.
> ---
>  net/mac80211/mesh.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
> index cb5f16366b9c..e420eb4797a8 100644
> --- a/net/mac80211/mesh.c
> +++ b/net/mac80211/mesh.c
> @@ -1157,14 +1157,14 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
>                                        u64 changed)
>  {
>         struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
> -       unsigned long bits = changed;
> +       unsigned long bits[] = { BITMAP_FROM_U64(changed) };

Wouldn't it be easier to use this instead:
-       unsigned long bits = changed;
+       u64 bits = changed;

Re: [PATCH v2] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Johannes Berg]

On Mon, 2024-11-18 at 13:26 +0000, James Dutton wrote:
> 
> > @@ -1157,14 +1157,14 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
> >                                        u64 changed)
> >  {
> >         struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
> > -       unsigned long bits = changed;
> > +       unsigned long bits[] = { BITMAP_FROM_U64(changed) };
> 
> Wouldn't it be easier to use this instead:
> -       unsigned long bits = changed;
> +       u64 bits = changed;

No, that's incorrect for set_bit() etc. at least on 32-bit big-endian
systems. Then you can't use for_each_set_bit() etc.

johannes

Re: [PATCH v2] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[kernel test robot]

Hi Issam,

kernel test robot noticed the following build warnings:

[auto build test WARNING on dfc14664794a4706e0c2186a0c082386e6b14c4d]

url:    https://github.com/intel-lab-lkp/linux/commits/Issam-Hamdi/wifi-mac80211-fix-mbss-changed-flags-corruption-on-32-bit-systems/20241121-150801
base:   dfc14664794a4706e0c2186a0c082386e6b14c4d
patch link:    https://lore.kernel.org/r/20241118125640.1110502-1-ih%40simonwunderlich.de
patch subject: [PATCH v2] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
config: arm64-randconfig-004-20241122 (https://download.01.org/0day-ci/archive/20241122/202411220516.wuQOEE8t-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241122/202411220516.wuQOEE8t-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202411220516.wuQOEE8t-lkp@intel.com/

All warnings (new ones prefixed by >>):

   net/mac80211/mesh.c: In function 'ieee80211_mbss_info_change_notify':
>> net/mac80211/mesh.c:1163:13: warning: the address of 'bits' will always evaluate as 'true' [-Waddress]
    1163 |         if (!bits)
         |             ^


vim +1163 net/mac80211/mesh.c

2b5e19677592c1 Thomas Pedersen 2013-02-14  1155  
2b5e19677592c1 Thomas Pedersen 2013-02-14  1156  void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
15ddba5f43114c Anjaneyulu      2023-06-04  1157  				       u64 changed)
2b5e19677592c1 Thomas Pedersen 2013-02-14  1158  {
f81a9dedaff434 Thomas Pedersen 2013-06-13  1159  	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
f0e1110ae72964 Issam Hamdi     2024-11-18  1160  	unsigned long bits[] = { BITMAP_FROM_U64(changed) };
f81a9dedaff434 Thomas Pedersen 2013-06-13  1161  	u32 bit;
f81a9dedaff434 Thomas Pedersen 2013-06-13  1162  
f81a9dedaff434 Thomas Pedersen 2013-06-13 @1163  	if (!bits)
2b5e19677592c1 Thomas Pedersen 2013-02-14  1164  		return;
f81a9dedaff434 Thomas Pedersen 2013-06-13  1165  
f81a9dedaff434 Thomas Pedersen 2013-06-13  1166  	/* if we race with running work, worst case this work becomes a noop */
f0e1110ae72964 Issam Hamdi     2024-11-18  1167  	for_each_set_bit(bit, bits, sizeof(changed) * BITS_PER_BYTE)
6e48ebffc2db54 Felix Fietkau   2023-09-13  1168  		set_bit(bit, ifmsh->mbss_changed);
f81a9dedaff434 Thomas Pedersen 2013-06-13  1169  	set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
16114496d684a3 Johannes Berg   2023-06-06  1170  	wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
2b5e19677592c1 Thomas Pedersen 2013-02-14  1171  }
2b5e19677592c1 Thomas Pedersen 2013-02-14  1172  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

[PATCH v3] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[Issam Hamdi]

On 32-bit systems, the size of an unsigned long is 4 bytes,
while a u64 is 8 bytes. Therefore, when using
or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE),
the code is incorrectly searching for a bit in a 32-bit
variable that is expected to be 64 bits in size,
leading to incorrect bit finding.

Solution: Ensure that the size of the bits variable is correctly
adjusted for each architecture.

 Call Trace:
  ? show_regs+0x54/0x58
  ? __warn+0x6b/0xd4
  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
  ? report_bug+0x113/0x150
  ? exc_overflow+0x30/0x30
  ? handle_bug+0x27/0x44
  ? exc_invalid_op+0x18/0x50
  ? handle_exception+0xf6/0xf6
  ? exc_overflow+0x30/0x30
  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
  ? exc_overflow+0x30/0x30
  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]
  ? ieee80211_mesh_work+0xff/0x260 [mac80211]
  ? cfg80211_wiphy_work+0x72/0x98 [cfg80211]
  ? process_one_work+0xf1/0x1fc
  ? worker_thread+0x2c0/0x3b4
  ? kthread+0xc7/0xf0
  ? mod_delayed_work_on+0x4c/0x4c
  ? kthread_complete_and_exit+0x14/0x14
  ? ret_from_fork+0x24/0x38
  ? kthread_complete_and_exit+0x14/0x14
  ? ret_from_fork_asm+0xf/0x14
  ? entry_INT80_32+0xf0/0xf0

Signed-off-by: Issam Hamdi <ih@simonwunderlich.de>
---
Changes in v2:
- Use BITMAP_FROM_U64() to map all the 64 bits.
- Update the commit description.
Changes in v3:
- Remove not needed check on the variable bits.
---
 net/mac80211/mesh.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index cb5f16366b9c..9c33ad56da14 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1157,14 +1157,11 @@ void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
 				       u64 changed)
 {
 	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
-	unsigned long bits = changed;
+	unsigned long bits[] = { BITMAP_FROM_U64(changed) };
 	u32 bit;
 
-	if (!bits)
-		return;
-
 	/* if we race with running work, worst case this work becomes a noop */
-	for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
+	for_each_set_bit(bit, bits, sizeof(changed) * BITS_PER_BYTE)
 		set_bit(bit, ifmsh->mbss_changed);
 	set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
 	wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);

base-commit: dfc14664794a4706e0c2186a0c082386e6b14c4d
-- 
2.39.2

Re: [PATCH v2] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

[kernel test robot]

Hi Issam,

kernel test robot noticed the following build warnings:

[auto build test WARNING on dfc14664794a4706e0c2186a0c082386e6b14c4d]

url:    https://github.com/intel-lab-lkp/linux/commits/Issam-Hamdi/wifi-mac80211-fix-mbss-changed-flags-corruption-on-32-bit-systems/20241121-150801
base:   dfc14664794a4706e0c2186a0c082386e6b14c4d
patch link:    https://lore.kernel.org/r/20241118125640.1110502-1-ih%40simonwunderlich.de
patch subject: [PATCH v2] wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
config: hexagon-allyesconfig (https://download.01.org/0day-ci/archive/20241126/202411260443.dZKFWC4G-lkp@intel.com/config)
compiler: clang version 20.0.0git (https://github.com/llvm/llvm-project 592c0fe55f6d9a811028b5f3507be91458ab2713)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241126/202411260443.dZKFWC4G-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202411260443.dZKFWC4G-lkp@intel.com/

All warnings (new ones prefixed by >>):

   In file included from net/mac80211/mesh.c:11:
   In file included from net/mac80211/ieee80211_i.h:16:
   In file included from include/linux/if_ether.h:19:
   In file included from include/linux/skbuff.h:17:
   In file included from include/linux/bvec.h:10:
   In file included from include/linux/highmem.h:10:
   In file included from include/linux/mm.h:2213:
   include/linux/vmstat.h:518:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion]
     518 |         return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_"
         |                               ~~~~~~~~~~~ ^ ~~~
   In file included from net/mac80211/mesh.c:11:
   In file included from net/mac80211/ieee80211_i.h:16:
   In file included from include/linux/if_ether.h:19:
   In file included from include/linux/skbuff.h:17:
   In file included from include/linux/bvec.h:10:
   In file included from include/linux/highmem.h:12:
   In file included from include/linux/hardirq.h:11:
   In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
   In file included from include/asm-generic/hardirq.h:17:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:14:
   In file included from arch/hexagon/include/asm/io.h:328:
   include/asm-generic/io.h:548:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     548 |         val = __raw_readb(PCI_IOBASE + addr);
         |                           ~~~~~~~~~~ ^
   include/asm-generic/io.h:561:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     561 |         val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
         |                                                         ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/little_endian.h:37:51: note: expanded from macro '__le16_to_cpu'
      37 | #define __le16_to_cpu(x) ((__force __u16)(__le16)(x))
         |                                                   ^
   In file included from net/mac80211/mesh.c:11:
   In file included from net/mac80211/ieee80211_i.h:16:
   In file included from include/linux/if_ether.h:19:
   In file included from include/linux/skbuff.h:17:
   In file included from include/linux/bvec.h:10:
   In file included from include/linux/highmem.h:12:
   In file included from include/linux/hardirq.h:11:
   In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
   In file included from include/asm-generic/hardirq.h:17:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:14:
   In file included from arch/hexagon/include/asm/io.h:328:
   include/asm-generic/io.h:574:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     574 |         val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
         |                                                         ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/little_endian.h:35:51: note: expanded from macro '__le32_to_cpu'
      35 | #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
         |                                                   ^
   In file included from net/mac80211/mesh.c:11:
   In file included from net/mac80211/ieee80211_i.h:16:
   In file included from include/linux/if_ether.h:19:
   In file included from include/linux/skbuff.h:17:
   In file included from include/linux/bvec.h:10:
   In file included from include/linux/highmem.h:12:
   In file included from include/linux/hardirq.h:11:
   In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
   In file included from include/asm-generic/hardirq.h:17:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:14:
   In file included from arch/hexagon/include/asm/io.h:328:
   include/asm-generic/io.h:585:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     585 |         __raw_writeb(value, PCI_IOBASE + addr);
         |                             ~~~~~~~~~~ ^
   include/asm-generic/io.h:595:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     595 |         __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
         |                                                       ~~~~~~~~~~ ^
   include/asm-generic/io.h:605:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     605 |         __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
         |                                                       ~~~~~~~~~~ ^
>> net/mac80211/mesh.c:1163:7: warning: address of array 'bits' will always evaluate to 'true' [-Wpointer-bool-conversion]
    1163 |         if (!bits)
         |             ~^~~~
   8 warnings generated.


vim +1163 net/mac80211/mesh.c

2b5e19677592c1 Thomas Pedersen 2013-02-14  1155  
2b5e19677592c1 Thomas Pedersen 2013-02-14  1156  void ieee80211_mbss_info_change_notify(struct ieee80211_sub_if_data *sdata,
15ddba5f43114c Anjaneyulu      2023-06-04  1157  				       u64 changed)
2b5e19677592c1 Thomas Pedersen 2013-02-14  1158  {
f81a9dedaff434 Thomas Pedersen 2013-06-13  1159  	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
f0e1110ae72964 Issam Hamdi     2024-11-18  1160  	unsigned long bits[] = { BITMAP_FROM_U64(changed) };
f81a9dedaff434 Thomas Pedersen 2013-06-13  1161  	u32 bit;
f81a9dedaff434 Thomas Pedersen 2013-06-13  1162  
f81a9dedaff434 Thomas Pedersen 2013-06-13 @1163  	if (!bits)
2b5e19677592c1 Thomas Pedersen 2013-02-14  1164  		return;
f81a9dedaff434 Thomas Pedersen 2013-06-13  1165  
f81a9dedaff434 Thomas Pedersen 2013-06-13  1166  	/* if we race with running work, worst case this work becomes a noop */
f0e1110ae72964 Issam Hamdi     2024-11-18  1167  	for_each_set_bit(bit, bits, sizeof(changed) * BITS_PER_BYTE)
6e48ebffc2db54 Felix Fietkau   2023-09-13  1168  		set_bit(bit, ifmsh->mbss_changed);
f81a9dedaff434 Thomas Pedersen 2013-06-13  1169  	set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
16114496d684a3 Johannes Berg   2023-06-06  1170  	wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
2b5e19677592c1 Thomas Pedersen 2013-02-14  1171  }
2b5e19677592c1 Thomas Pedersen 2013-02-14  1172  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki