Gitiles
Code Review Sign In
git01.mediatek.com / openwrt / feeds / mtk-openwrt-feeds / f0b0e23805fba5a57daec8c224a524d2ec247fbb / . / autobuild_mac80211_release / package / kernel / mt76 / patches / 0011-mt76-mt7915-add-list_del_init-msta-wcid.list.patch
blob: 0ea18c1bb5f40b007f836ea357de860b71df29b6 [file] [log] [blame]
developerbbb2f362022-04-01 09:46:58 +0800[diff] [blame]1From 95953b3adaadf15ad5ae637d4e0e433c3bfb0835 Mon Sep 17 00:00:00 2001
2From: Bo Jiao <Bo.Jiao@mediatek.com>
3Date: Thu, 31 Mar 2022 11:23:02 +0800
4Subject: [PATCH] mt76: mt7915: add list_del_init(&msta->wcid.list)
5
6msta->wcid may use after free when do mt76_tx_status_check
7
8Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com>
9---
10 mt7915/main.c | 5 +++++
11 1 file changed, 5 insertions(+)
12
13diff --git a/mt7915/main.c b/mt7915/main.c
14index 9de5f152..fc271e3c 100644
15--- a/mt7915/main.c
16+++ b/mt7915/main.c
17@@ -729,6 +729,11 @@ void mt7915_mac_sta_remove(struct mt76_dev *mdev, struct ieee80211_vif *vif,
18 if (!list_empty(&msta->rc_list))
19 list_del_init(&msta->rc_list);
20 spin_unlock_bh(&dev->sta_poll_lock);
21+
22+ spin_lock_bh(&mdev->status_lock);
23+ if (!list_empty(&msta->wcid.list))
24+ list_del_init(&msta->wcid.list);
25+ spin_unlock_bh(&mdev->status_lock);
26 }
27
28 static void mt7915_tx(struct ieee80211_hw *hw,
29--
302.18.0
31