blob: 435e1b4ef03595c0d8fd9b4169faa52f9f044d65 [file] [log] [blame]
From f5553a51be55e84e4920327a7a47fd0459079f19 Mon Sep 17 00:00:00 2001
From: MeiChia Chiu <meichia.chiu@mediatek.com>
Date: Thu, 26 Oct 2023 21:11:05 +0800
Subject: [PATCH 05/14] wifi: mt76: mt7915: Fixed null pointer dereference
issue
Without this patch, when the station is still in Authentication stage and
sends a "Notify bandwidth change action frame" to AP at the same time,
there will be a race condition that causes a crash to occur because the AP
access "msta->vif" that has not been fully initialized.
Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com>
Signed-off-by: Money Wang <money.wang@mediatek.com>
Signed-off-by: MeiChia Chiu <meichia.chiu@mediatek.com>
---
mt7915/main.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/mt7915/main.c b/mt7915/main.c
index 1903db4f..61a1dbb0 100644
--- a/mt7915/main.c
+++ b/mt7915/main.c
@@ -1170,9 +1170,16 @@ static void mt7915_sta_rc_update(struct ieee80211_hw *hw,
struct ieee80211_sta *sta,
u32 changed)
{
+ struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
struct mt7915_phy *phy = mt7915_hw_phy(hw);
struct mt7915_dev *dev = phy->dev;
+ if (!msta->vif) {
+ dev_warn(dev->mt76.dev, "Un-initialized STA %pM wcid %d in rc_work\n",
+ sta->addr, msta->wcid.idx);
+ return;
+ }
+
mt7915_sta_rc_work(&changed, sta);
ieee80211_queue_work(hw, &dev->rc_work);
}
--
2.18.0