blob: 418c92e0c5583b61c2c5d23e3a20fb59e3f84a05 [file] [log] [blame]
developerd0c89452024-10-11 16:53:27 +08001From 4de8ef89ddae7299fbf92927aaa6bf226e10bef0 Mon Sep 17 00:00:00 2001
developer05f3b2b2024-08-19 19:17:34 +08002From: Shayne Chen <shayne.chen@mediatek.com>
3Date: Tue, 9 Jul 2024 14:54:39 +0800
developerd0c89452024-10-11 16:53:27 +08004Subject: [PATCH 168/223] mtk: mt76: mt7996: fix potential null pointer
developer05f3b2b2024-08-19 19:17:34 +08005
6Fix more parts that might have null pointer access.
7
developerd0c89452024-10-11 16:53:27 +08008Change-Id: Iba945d07cb0b5816cf6cd48f1148edefd9a02d1e
9Change-Id: I7fc4c0b8bc5eda41fa142560995ffc327c188b7f
developer05f3b2b2024-08-19 19:17:34 +080010Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
11Signed-off-by: Shayne Chen <shayne.chen@mediatek.com>
12---
13 mt7996/mac.c | 3 +++
14 mt7996/main.c | 10 ++++++++++
15 mt7996/mcu.c | 3 +++
16 3 files changed, 16 insertions(+)
17
18diff --git a/mt7996/mac.c b/mt7996/mac.c
developerd0c89452024-10-11 16:53:27 +080019index 1952cb0c..1a3c661f 100644
developer05f3b2b2024-08-19 19:17:34 +080020--- a/mt7996/mac.c
21+++ b/mt7996/mac.c
developerd0c89452024-10-11 16:53:27 +080022@@ -1127,6 +1127,9 @@ mt7996_tx_check_aggr(struct ieee80211_sta *sta, struct sk_buff *skb,
developer05f3b2b2024-08-19 19:17:34 +080023
24 msta = (struct mt7996_sta *)sta->drv_priv;
25 mlink = rcu_dereference(msta->link[msta->pri_link]);
26+ if (!mlink)
27+ return;
28+
29 if (!test_and_set_bit(tid, &mlink->wcid.ampdu_state))
30 ieee80211_start_tx_ba_session(sta, tid, 0);
31 }
32diff --git a/mt7996/main.c b/mt7996/main.c
developerd0c89452024-10-11 16:53:27 +080033index 562137a5..c95e7e35 100644
developer05f3b2b2024-08-19 19:17:34 +080034--- a/mt7996/main.c
35+++ b/mt7996/main.c
36@@ -518,9 +518,12 @@ static void mt7996_remove_interface(struct ieee80211_hw *hw,
37
38 conf = link_conf_dereference_protected(vif, 0);
39 mconf = mconf_dereference_protected(mvif, 0);
40+ if (!mconf || !conf)
41+ goto out;
42
43 mt7996_remove_bss_conf(vif, conf, mconf);
44
45+out:
46 mutex_unlock(&dev->mt76.mutex);
47 }
48
49@@ -928,6 +931,9 @@ static void mt7996_vif_cfg_changed(struct ieee80211_hw *hw,
50 struct mt7996_link_sta *mlink =
51 mlink_dereference_protected(&mvif->sta, link_id);
52
53+ if (!conf || !mconf || !mlink)
54+ continue;
55+
56 mt7996_mcu_add_bss_info(mconf->phy, conf, mconf, mlink, true);
57 mt7996_mcu_add_sta(dev, conf, mconf, NULL, mlink, true, false);
58 }
59@@ -1279,6 +1285,8 @@ mt7996_mac_sta_remove_links(struct mt7996_dev *dev, struct ieee80211_vif *vif,
60 link_sta_dereference_protected(sta, link_id);
61 bool last_link = rem == sta->valid_links && link_id == __fls(rem);
62
63+ if (!mconf || !mlink || !conf || !link_sta)
64+ continue;
65 mt7996_remove_link_sta(dev, conf, mconf, link_sta, mlink, last_link);
66 }
67 }
developerd0c89452024-10-11 16:53:27 +080068@@ -1419,6 +1427,8 @@ mt7996_sta_pre_rcu_remove(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
developer05f3b2b2024-08-19 19:17:34 +080069 struct mt7996_link_sta *mlink =
70 mlink_dereference_protected(msta, link_id);
71
72+ if (!mlink)
73+ continue;
74 rcu_assign_pointer(dev->mt76.wcid[mlink->wcid.idx], NULL);
75 }
76 spin_unlock_bh(&dev->mt76.status_lock);
77diff --git a/mt7996/mcu.c b/mt7996/mcu.c
developerd0c89452024-10-11 16:53:27 +080078index 3fcc7fac..856168f6 100644
developer05f3b2b2024-08-19 19:17:34 +080079--- a/mt7996/mcu.c
80+++ b/mt7996/mcu.c
developerd0c89452024-10-11 16:53:27 +080081@@ -3032,6 +3032,9 @@ mt7996_mcu_sta_mld_setup_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
developer05f3b2b2024-08-19 19:17:34 +080082 mlink = mlink_dereference_protected(msta, link_id);
83 mconf = mconf_dereference_protected(msta->vif, link_id);
84
85+ if (!mlink || !mconf)
86+ continue;
87+
88 mld_setup_link->wcid = cpu_to_le16(mlink->wcid.idx);
89 mld_setup_link->bss_idx = mconf->mt76.idx;
90 mt76_trace(vif, "link_id(%d) wcid(%d) bss_idx(%d)\n",
91--
developerd0c89452024-10-11 16:53:27 +0800922.45.2
developer05f3b2b2024-08-19 19:17:34 +080093