| developer | 05f3b2b | 2024-08-19 19:17:34 +0800 | [diff] [blame^] | 1 | From 0468bbdacaddcec089088bbb16e0d4b402d52aaa Mon Sep 17 00:00:00 2001 |
| 2 | From: Shayne Chen <shayne.chen@mediatek.com> |
| 3 | Date: Tue, 9 Jul 2024 14:54:39 +0800 |
| 4 | Subject: [PATCH 180/199] mtk: mt76: mt7996: fix potential null pointer |
| 5 | |
| 6 | Fix more parts that might have null pointer access. |
| 7 | |
| 8 | Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com> |
| 9 | Signed-off-by: Shayne Chen <shayne.chen@mediatek.com> |
| 10 | --- |
| 11 | mt7996/mac.c | 3 +++ |
| 12 | mt7996/main.c | 10 ++++++++++ |
| 13 | mt7996/mcu.c | 3 +++ |
| 14 | 3 files changed, 16 insertions(+) |
| 15 | |
| 16 | diff --git a/mt7996/mac.c b/mt7996/mac.c |
| 17 | index c91c550d..657a19c1 100644 |
| 18 | --- a/mt7996/mac.c |
| 19 | +++ b/mt7996/mac.c |
| 20 | @@ -1115,6 +1115,9 @@ mt7996_tx_check_aggr(struct ieee80211_sta *sta, struct sk_buff *skb, |
| 21 | |
| 22 | msta = (struct mt7996_sta *)sta->drv_priv; |
| 23 | mlink = rcu_dereference(msta->link[msta->pri_link]); |
| 24 | + if (!mlink) |
| 25 | + return; |
| 26 | + |
| 27 | if (!test_and_set_bit(tid, &mlink->wcid.ampdu_state)) |
| 28 | ieee80211_start_tx_ba_session(sta, tid, 0); |
| 29 | } |
| 30 | diff --git a/mt7996/main.c b/mt7996/main.c |
| 31 | index 032ef5f3..ff0b9c0e 100644 |
| 32 | --- a/mt7996/main.c |
| 33 | +++ b/mt7996/main.c |
| 34 | @@ -518,9 +518,12 @@ static void mt7996_remove_interface(struct ieee80211_hw *hw, |
| 35 | |
| 36 | conf = link_conf_dereference_protected(vif, 0); |
| 37 | mconf = mconf_dereference_protected(mvif, 0); |
| 38 | + if (!mconf || !conf) |
| 39 | + goto out; |
| 40 | |
| 41 | mt7996_remove_bss_conf(vif, conf, mconf); |
| 42 | |
| 43 | +out: |
| 44 | mutex_unlock(&dev->mt76.mutex); |
| 45 | } |
| 46 | |
| 47 | @@ -928,6 +931,9 @@ static void mt7996_vif_cfg_changed(struct ieee80211_hw *hw, |
| 48 | struct mt7996_link_sta *mlink = |
| 49 | mlink_dereference_protected(&mvif->sta, link_id); |
| 50 | |
| 51 | + if (!conf || !mconf || !mlink) |
| 52 | + continue; |
| 53 | + |
| 54 | mt7996_mcu_add_bss_info(mconf->phy, conf, mconf, mlink, true); |
| 55 | mt7996_mcu_add_sta(dev, conf, mconf, NULL, mlink, true, false); |
| 56 | } |
| 57 | @@ -1279,6 +1285,8 @@ mt7996_mac_sta_remove_links(struct mt7996_dev *dev, struct ieee80211_vif *vif, |
| 58 | link_sta_dereference_protected(sta, link_id); |
| 59 | bool last_link = rem == sta->valid_links && link_id == __fls(rem); |
| 60 | |
| 61 | + if (!mconf || !mlink || !conf || !link_sta) |
| 62 | + continue; |
| 63 | mt7996_remove_link_sta(dev, conf, mconf, link_sta, mlink, last_link); |
| 64 | } |
| 65 | } |
| 66 | @@ -1415,6 +1423,8 @@ mt7996_sta_pre_rcu_remove(struct ieee80211_hw *hw, struct ieee80211_vif *vif, |
| 67 | struct mt7996_link_sta *mlink = |
| 68 | mlink_dereference_protected(msta, link_id); |
| 69 | |
| 70 | + if (!mlink) |
| 71 | + continue; |
| 72 | rcu_assign_pointer(dev->mt76.wcid[mlink->wcid.idx], NULL); |
| 73 | } |
| 74 | spin_unlock_bh(&dev->mt76.status_lock); |
| 75 | diff --git a/mt7996/mcu.c b/mt7996/mcu.c |
| 76 | index 857d2826..4310d35b 100644 |
| 77 | --- a/mt7996/mcu.c |
| 78 | +++ b/mt7996/mcu.c |
| 79 | @@ -3027,6 +3027,9 @@ mt7996_mcu_sta_mld_setup_tlv(struct mt7996_dev *dev, struct sk_buff *skb, |
| 80 | mlink = mlink_dereference_protected(msta, link_id); |
| 81 | mconf = mconf_dereference_protected(msta->vif, link_id); |
| 82 | |
| 83 | + if (!mlink || !mconf) |
| 84 | + continue; |
| 85 | + |
| 86 | mld_setup_link->wcid = cpu_to_le16(mlink->wcid.idx); |
| 87 | mld_setup_link->bss_idx = mconf->mt76.idx; |
| 88 | mt76_trace(vif, "link_id(%d) wcid(%d) bss_idx(%d)\n", |
| 89 | -- |
| 90 | 2.18.0 |
| 91 | |