| developer | 1f55fcf | 2024-10-17 14:52:33 +0800 | [diff] [blame^] | 1 | From 356d5ed87c0ced7ac2078466d60e4ef5fd87edda Mon Sep 17 00:00:00 2001 |
| developer | d0c8945 | 2024-10-11 16:53:27 +0800 | [diff] [blame] | 2 | From: Peter Chiu <chui-hao.chiu@mediatek.com> |
| 3 | Date: Mon, 30 Oct 2023 11:06:19 +0800 |
| developer | 1f55fcf | 2024-10-17 14:52:33 +0800 | [diff] [blame^] | 4 | Subject: [PATCH 010/193] mtk: mt76: add sanity check to prevent kernel crash |
| developer | d0c8945 | 2024-10-11 16:53:27 +0800 | [diff] [blame] | 5 | |
| 6 | wcid may not be initialized when mac80211 calls mt76.tx and it would lead to |
| 7 | kernel crash. |
| 8 | |
| 9 | Change-Id: I90004271c6e91620c6991195dd332780ce28380e |
| 10 | Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com> |
| 11 | --- |
| 12 | tx.c | 10 +++++++++- |
| 13 | 1 file changed, 9 insertions(+), 1 deletion(-) |
| 14 | |
| 15 | diff --git a/tx.c b/tx.c |
| developer | 1f55fcf | 2024-10-17 14:52:33 +0800 | [diff] [blame^] | 16 | index ce193e6..c24729d 100644 |
| developer | d0c8945 | 2024-10-11 16:53:27 +0800 | [diff] [blame] | 17 | --- a/tx.c |
| 18 | +++ b/tx.c |
| 19 | @@ -352,8 +352,16 @@ mt76_tx(struct mt76_phy *phy, struct ieee80211_sta *sta, |
| 20 | if ((info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) || |
| developer | 1f55fcf | 2024-10-17 14:52:33 +0800 | [diff] [blame^] | 21 | (info->control.flags & IEEE80211_TX_CTRL_DONT_USE_RATE_MASK)) |
| developer | d0c8945 | 2024-10-11 16:53:27 +0800 | [diff] [blame] | 22 | head = &wcid->tx_offchannel; |
| 23 | - else |
| 24 | + else { |
| 25 | + if (!wcid->tx_pending.prev || !wcid->tx_pending.next) { |
| 26 | + dev_warn(phy->dev->dev, "Un-initialized STA %pM wcid %d in mt76_tx\n", |
| 27 | + sta->addr, wcid->idx); |
| 28 | + |
| 29 | + ieee80211_free_txskb(phy->hw, skb); |
| 30 | + return; |
| 31 | + } |
| 32 | head = &wcid->tx_pending; |
| 33 | + } |
| 34 | |
| 35 | spin_lock_bh(&head->lock); |
| 36 | __skb_queue_tail(head, skb); |
| 37 | -- |
| 38 | 2.45.2 |
| 39 | |