recipes-wifi/linux-mt76/files/patches/0008-wifi-mt76-mt7915-Fixed-null-pointer-dereference-issu.patch

From 5e5c03f7f7fe349d4d835bd6809bc40b32a9ec8a Mon Sep 17 00:00:00 2001
From: MeiChia Chiu <meichia.chiu@mediatek.com>
Date: Thu, 26 Oct 2023 21:11:05 +0800
Subject: [PATCH 08/76] wifi: mt76: mt7915: Fixed null pointer dereference
 issue

Without this patch, when the station is still in Authentication stage and
sends a "Notify bandwidth change action frame" to AP at the same time,
there will be a race condition that causes a crash to occur because the AP
access "msta->vif" that has not been fully initialized.

Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com>
Signed-off-by: Money Wang <money.wang@mediatek.com>
Signed-off-by: MeiChia Chiu <meichia.chiu@mediatek.com>
---
 mt7915/main.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/mt7915/main.c b/mt7915/main.c
index 4e0216e..3cf459d 100644
--- a/mt7915/main.c
+++ b/mt7915/main.c
@@ -1166,9 +1166,16 @@ static void mt7915_sta_rc_update(struct ieee80211_hw *hw,
 				 struct ieee80211_sta *sta,
 				 u32 changed)
 {
+	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
 	struct mt7915_phy *phy = mt7915_hw_phy(hw);
 	struct mt7915_dev *dev = phy->dev;
 
+	if (!msta->vif) {
+		dev_warn(dev->mt76.dev, "Un-initialized STA %pM wcid %d in rc_work\n",
+			 sta->addr, msta->wcid.idx);
+		return;
+	}
+
 	mt7915_sta_rc_work(&changed, sta);
 	ieee80211_queue_work(hw, &dev->rc_work);
 }
-- 
2.18.0