From: Stanislaw Gruszka <stf_xl@wp.pl>
To: Tuo Li <islituo@gmail.com>
Cc: linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] wifi: iwlegacy: 3945-rs: fix possible null-pointer dereferences in il3945_rs_get_rate()
Date: Wed, 7 Jan 2026 09:59:49 +0100 [thread overview]
Message-ID: <20260107085949.GA35258@wp.pl> (raw)
In-Reply-To: <20260107084149.173289-1-islituo@gmail.com>
On Wed, Jan 07, 2026 at 04:41:49PM +0800, Tuo Li wrote:
> In this function, il_sta is assigned to rs_sta, and rs_sta is dereferenced
> at several points. If il_sta is NULL, this can lead to null-pointer
> dereferences. To fix this issue, add an early check for il_sta and return
> if it is NULL, consistent with the handling in il3945_rs_tx_status().
>
> Besides, if the STA il data is uninitialized, return early instead of
> setting il_sta to NULL, consistent with the handling in
> il3945_rs_tx_status().
>
> Signed-off-by: Tuo Li <islituo@gmail.com>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Thanks
Stanislaw
> ---
> v2:
> * Return early for uninitialized STA il data and align D_RATE messages with
> il3945_rs_tx_status(). Add a wifi: prefix to the patch title.
> Thanks to Stanislaw Gruszka for the helpful advice.
> ---
> drivers/net/wireless/intel/iwlegacy/3945-rs.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/wireless/intel/iwlegacy/3945-rs.c b/drivers/net/wireless/intel/iwlegacy/3945-rs.c
> index 1826c37c090c..c509c89bba00 100644
> --- a/drivers/net/wireless/intel/iwlegacy/3945-rs.c
> +++ b/drivers/net/wireless/intel/iwlegacy/3945-rs.c
> @@ -626,10 +626,15 @@ il3945_rs_get_rate(void *il_r, struct ieee80211_sta *sta, void *il_sta,
>
> D_RATE("enter\n");
>
> + if (!il_sta) {
> + D_RATE("leave: No STA il data to update!\n");
> + return;
> + }
> +
> /* Treat uninitialized rate scaling data same as non-existing. */
> - if (rs_sta && !rs_sta->il) {
> - D_RATE("Rate scaling information not initialized yet.\n");
> - il_sta = NULL;
> + if (!rs_sta->il) {
> + D_RATE("leave: STA il data uninitialized!\n");
> + return;
> }
>
> rate_mask = sta->deflink.supp_rates[sband->band];
> --
> 2.43.0
>
next prev parent reply other threads:[~2026-01-07 8:59 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-07 8:41 [PATCH v2] wifi: iwlegacy: 3945-rs: fix possible null-pointer dereferences in il3945_rs_get_rate() Tuo Li
2026-01-07 8:59 ` Stanislaw Gruszka [this message]
2026-01-08 12:02 ` Johannes Berg
2026-01-08 13:28 ` Tuo Li
2026-01-08 16:33 ` Stanislaw Gruszka
2026-01-09 2:42 ` Tuo Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260107085949.GA35258@wp.pl \
--to=stf_xl@wp.pl \
--cc=islituo@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.