From d4b6226c74988932d9df8f1a6b5afbcea7effc38 Mon Sep 17 00:00:00 2001 From: MeiChia Chiu Date: Thu, 26 Oct 2023 21:11:05 +0800 Subject: [PATCH 05/14] wifi: mt76: mt7915: Fixed null pointer dereference issue Without this patch, when the station is still in Authentication stage and sends a "Notify bandwidth change action frame" to AP at the same time, there will be a race condition that causes a crash to occur because the AP access "msta->vif" that has not been fully initialized. Signed-off-by: Bo Jiao Signed-off-by: Money Wang Signed-off-by: MeiChia Chiu --- mt7915/main.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/mt7915/main.c b/mt7915/main.c index 1903db4..61a1dbb 100644 --- a/mt7915/main.c +++ b/mt7915/main.c @@ -1170,9 +1170,16 @@ static void mt7915_sta_rc_update(struct ieee80211_hw *hw, struct ieee80211_sta *sta, u32 changed) { + struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv; struct mt7915_phy *phy = mt7915_hw_phy(hw); struct mt7915_dev *dev = phy->dev; + if (!msta->vif) { + dev_warn(dev->mt76.dev, "Un-initialized STA %pM wcid %d in rc_work\n", + sta->addr, msta->wcid.idx); + return; + } + mt7915_sta_rc_work(&changed, sta); ieee80211_queue_work(hw, &dev->rc_work); } -- 2.18.0