Gitiles
Code Review Sign In
git01.mediatek.com / filogic / rdk-b / meta-filogic / 05f3b2be78bc66ffe25f0298d8edf45ca46a1ca2^! / . / recipes-wifi / linux-mt76 / files / patches-3.x / 0180-mtk-mt76-mt7996-fix-potential-null-pointer.patch
commit05f3b2be78bc66ffe25f0298d8edf45ca46a1ca2[log] [tgz]
authordeveloper <developer@mediatek.com>Mon Aug 19 19:17:34 2024 +0800
committerdeveloper <developer@mediatek.com>Mon Aug 19 19:17:34 2024 +0800
treed7688f2c76af9c2f345aacbf50db7a75444f34b2
parentcc8110b742035c30bc4faf2e4b4716d34c459ca1 [diff] [blame]
[rdkb][common][bsp][Refactor and sync wifi from openwrt]

[Description]
3a2eef0b [MAC80211][Release][Update release note for Filogic 880/860 MLO Beta release]
cfbd2411 [MAC80211][Release][Filogic 880/860 MLO Beta release]
6c180e3f [MAC80211][WiFi7][misc][Add Eagle BE14000 efem default bin]
a55f34db [MAC80211][Release][Prepare for Filogic 880/860 release]
5b45ebca [MAC80211][WiFi7][hostapd][Add puncture bitmap to ucode]
95bbea73 [MAC80211][WiFi6][mt76][Add PID to only report data-frame TX rate]
b15ced26 [MAC80211][WiFi6][hostapd][Fix DFS channel selection issue]
d59133cb [MAC80211][WiFi6][mt76][Fix pse info not correct information]
3921b4b2 [MAC80211][WiFi6][mt76][Fix incomplete QoS-map setting to FW]
4e7690c7 [MAC80211][WiFi6/7][app][Change ATECHANNEL mapping cmd]
eb37af90 [MAC80211][WiFi7][app][Add support for per-packet bw & primary selection]
0ea82adf [MAC80211][WiFi6][core][Fix DFS CAC issue after CSA]

[Release-log]

Change-Id: I9bec97ec1b2e1c49ed43a812a07a5b21fcbb70a6

diff --git a/recipes-wifi/linux-mt76/files/patches-3.x/0180-mtk-mt76-mt7996-fix-potential-null-pointer.patch b/recipes-wifi/linux-mt76/files/patches-3.x/0180-mtk-mt76-mt7996-fix-potential-null-pointer.patch
new file mode 100644
index 0000000..d82d6f0
--- /dev/null
+++ b/recipes-wifi/linux-mt76/files/patches-3.x/0180-mtk-mt76-mt7996-fix-potential-null-pointer.patch

@@ -0,0 +1,91 @@
+From 0468bbdacaddcec089088bbb16e0d4b402d52aaa Mon Sep 17 00:00:00 2001
+From: Shayne Chen <shayne.chen@mediatek.com>
+Date: Tue, 9 Jul 2024 14:54:39 +0800
+Subject: [PATCH 180/199] mtk: mt76: mt7996: fix potential null pointer
+
+Fix more parts that might have null pointer access.
+
+Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
+Signed-off-by: Shayne Chen <shayne.chen@mediatek.com>
+---
+ mt7996/mac.c  |  3 +++
+ mt7996/main.c | 10 ++++++++++
+ mt7996/mcu.c  |  3 +++
+ 3 files changed, 16 insertions(+)
+
+diff --git a/mt7996/mac.c b/mt7996/mac.c
+index c91c550d..657a19c1 100644
+--- a/mt7996/mac.c
++++ b/mt7996/mac.c
+@@ -1115,6 +1115,9 @@ mt7996_tx_check_aggr(struct ieee80211_sta *sta, struct sk_buff *skb,
+ 
+ 	msta = (struct mt7996_sta *)sta->drv_priv;
+ 	mlink = rcu_dereference(msta->link[msta->pri_link]);
++	if (!mlink)
++		return;
++
+ 	if (!test_and_set_bit(tid, &mlink->wcid.ampdu_state))
+ 		ieee80211_start_tx_ba_session(sta, tid, 0);
+ }
+diff --git a/mt7996/main.c b/mt7996/main.c
+index 032ef5f3..ff0b9c0e 100644
+--- a/mt7996/main.c
++++ b/mt7996/main.c
+@@ -518,9 +518,12 @@ static void mt7996_remove_interface(struct ieee80211_hw *hw,
+ 
+ 	conf = link_conf_dereference_protected(vif, 0);
+ 	mconf = mconf_dereference_protected(mvif, 0);
++	if (!mconf || !conf)
++		goto out;
+ 
+ 	mt7996_remove_bss_conf(vif, conf, mconf);
+ 
++out:
+ 	mutex_unlock(&dev->mt76.mutex);
+ }
+ 
+@@ -928,6 +931,9 @@ static void mt7996_vif_cfg_changed(struct ieee80211_hw *hw,
+ 			struct mt7996_link_sta *mlink =
+ 				mlink_dereference_protected(&mvif->sta, link_id);
+ 
++			if (!conf || !mconf || !mlink)
++				continue;
++
+ 			mt7996_mcu_add_bss_info(mconf->phy, conf, mconf, mlink, true);
+ 			mt7996_mcu_add_sta(dev, conf, mconf, NULL, mlink, true, false);
+ 		}
+@@ -1279,6 +1285,8 @@ mt7996_mac_sta_remove_links(struct mt7996_dev *dev, struct ieee80211_vif *vif,
+ 			link_sta_dereference_protected(sta, link_id);
+ 		bool last_link = rem == sta->valid_links && link_id == __fls(rem);
+ 
++		if (!mconf || !mlink || !conf || !link_sta)
++			continue;
+ 		mt7996_remove_link_sta(dev, conf, mconf, link_sta, mlink, last_link);
+ 	}
+ }
+@@ -1415,6 +1423,8 @@ mt7996_sta_pre_rcu_remove(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
+ 		struct mt7996_link_sta *mlink =
+ 			mlink_dereference_protected(msta, link_id);
+ 
++		if (!mlink)
++			continue;
+ 		rcu_assign_pointer(dev->mt76.wcid[mlink->wcid.idx], NULL);
+ 	}
+ 	spin_unlock_bh(&dev->mt76.status_lock);
+diff --git a/mt7996/mcu.c b/mt7996/mcu.c
+index 857d2826..4310d35b 100644
+--- a/mt7996/mcu.c
++++ b/mt7996/mcu.c
+@@ -3027,6 +3027,9 @@ mt7996_mcu_sta_mld_setup_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
+ 		mlink = mlink_dereference_protected(msta, link_id);
+ 		mconf = mconf_dereference_protected(msta->vif, link_id);
+ 
++		if (!mlink || !mconf)
++			continue;
++
+ 		mld_setup_link->wcid = cpu_to_le16(mlink->wcid.idx);
+ 		mld_setup_link->bss_idx = mconf->mt76.idx;
+ 		mt76_trace(vif, "link_id(%d) wcid(%d) bss_idx(%d)\n",
+-- 
+2.18.0
+