| developer | 6bcdd6c | 2024-03-21 16:26:34 +0800 | [diff] [blame^] | 1 | From f6d53616762cdea29d9d06353a42d9349791a80d Mon Sep 17 00:00:00 2001 |
| 2 | From: MeiChia Chiu <meichia.chiu@mediatek.com> |
| 3 | Date: Thu, 26 Oct 2023 10:08:10 +0800 |
| 4 | Subject: [PATCH 019/120] mtk: wifi: mt76: mt7996: Fixed null pointer |
| 5 | dereference issue |
| 6 | |
| 7 | Without this patch, when the station is still in Authentication stage and |
| 8 | sends a "Notify bandwidth change action frame" to AP at the same time, |
| 9 | there will be a race condition that causes a crash to occur because the AP |
| 10 | access "msta->vif" that has not been fully initialized. |
| 11 | |
| 12 | CR-ID: WCNCR00240597 |
| 13 | Change-Id: Ie17fbdd8ab11651a9ae0c30faac0b5ad82176e95 |
| 14 | Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com> |
| 15 | Signed-off-by: Money Wang <money.wang@mediatek.com> |
| 16 | Signed-off-by: MeiChia Chiu <meichia.chiu@mediatek.com> |
| 17 | --- |
| 18 | mt7996/main.c | 7 +++++++ |
| 19 | 1 file changed, 7 insertions(+) |
| 20 | |
| 21 | diff --git a/mt7996/main.c b/mt7996/main.c |
| 22 | index 0a576daad..2a6706c25 100644 |
| 23 | --- a/mt7996/main.c |
| 24 | +++ b/mt7996/main.c |
| 25 | @@ -1073,9 +1073,16 @@ static void mt7996_sta_rc_update(struct ieee80211_hw *hw, |
| 26 | struct ieee80211_sta *sta, |
| 27 | u32 changed) |
| 28 | { |
| 29 | + struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv; |
| 30 | struct mt7996_phy *phy = mt7996_hw_phy(hw); |
| 31 | struct mt7996_dev *dev = phy->dev; |
| 32 | |
| 33 | + if (!msta->vif) { |
| 34 | + dev_warn(dev->mt76.dev, "Un-initialized STA %pM wcid %d in rc_work\n", |
| 35 | + sta->addr, msta->wcid.idx); |
| 36 | + return; |
| 37 | + } |
| 38 | + |
| 39 | mt7996_sta_rc_work(&changed, sta); |
| 40 | ieee80211_queue_work(hw, &dev->rc_work); |
| 41 | } |
| 42 | -- |
| 43 | 2.39.2 |
| 44 | |