[openwrt/openwrt] mac80211: fix mesh id corruption on 32 bit systems

[LEDE Commits]

hauke pushed a commit to openwrt/openwrt.git, branch openwrt-23.05:
https://git.openwrt.org/2b1ed7b33d42637c13947aa32e320ef787bb27cb

commit 2b1ed7b33d42637c13947aa32e320ef787bb27cb
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Tue Sep 12 15:17:23 2023 +0200

    mac80211: fix mesh id corruption on 32 bit systems
    
    increase size of ifmsh->mbss_changed
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
    (cherry picked from commit 20bd3502d3a841457cc06b3aa45646258fdcba9e)
    Link: https://github.com/openwrt/openwrt/pull/15836
    [Moved the patch to the end of the patch queue]
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 ...-fix-mesh-id-corruption-on-32-bit-systems.patch | 62 ++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/package/kernel/mac80211/patches/subsys/361-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch b/package/kernel/mac80211/patches/subsys/361-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch
new file mode 100644
index 0000000000..4e3cd106d3
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/361-mac80211-fix-mesh-id-corruption-on-32-bit-systems.patch
@@ -0,0 +1,62 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Tue, 12 Sep 2023 15:09:27 +0200
+Subject: [PATCH] mac80211: fix mesh id corruption on 32 bit systems
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since the changed field size was increased to u64, mesh_bss_info_changed
+pulls invalid bits from the first 3 bytes of the mesh id, clears them, and
+passes them on to ieee80211_link_info_change_notify, because
+ifmsh->mbss_changed was not updated to match its size.
+Fix this by turning into ifmsh->mbss_changed into an unsigned long array with
+64 bit size.
+
+Fixes: 15ddba5f4311 ("wifi: mac80211: consistently use u64 for BSS changes")
+Reported-by: Thomas Hühn <thomas.huehn at hs-nordhausen.de>
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -680,7 +680,7 @@ struct ieee80211_if_mesh {
+ 	struct timer_list mesh_path_root_timer;
+ 
+ 	unsigned long wrkq_flags;
+-	unsigned long mbss_changed;
++	unsigned long mbss_changed[64 / BITS_PER_LONG];
+ 
+ 	bool userspace_handles_dfs;
+ 
+--- a/net/mac80211/mesh.c
++++ b/net/mac80211/mesh.c
+@@ -1106,7 +1106,7 @@ void ieee80211_mbss_info_change_notify(s
+ 
+ 	/* if we race with running work, worst case this work becomes a noop */
+ 	for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE)
+-		set_bit(bit, &ifmsh->mbss_changed);
++		set_bit(bit, ifmsh->mbss_changed);
+ 	set_bit(MESH_WORK_MBSS_CHANGED, &ifmsh->wrkq_flags);
+ 	ieee80211_queue_work(&sdata->local->hw, &sdata->work);
+ }
+@@ -1188,7 +1188,7 @@ void ieee80211_stop_mesh(struct ieee8021
+ 
+ 	/* clear any mesh work (for next join) we may have accrued */
+ 	ifmsh->wrkq_flags = 0;
+-	ifmsh->mbss_changed = 0;
++	memset(ifmsh->mbss_changed, 0, sizeof(ifmsh->mbss_changed));
+ 
+ 	local->fif_other_bss--;
+ 	atomic_dec(&local->iff_allmultis);
+@@ -1653,9 +1653,9 @@ static void mesh_bss_info_changed(struct
+ 	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
+ 	u32 bit, changed = 0;
+ 
+-	for_each_set_bit(bit, &ifmsh->mbss_changed,
++	for_each_set_bit(bit, ifmsh->mbss_changed,
+ 			 sizeof(changed) * BITS_PER_BYTE) {
+-		clear_bit(bit, &ifmsh->mbss_changed);
++		clear_bit(bit, ifmsh->mbss_changed);
+ 		changed |= BIT(bit);
+ 	}
+