From: Kalle Valo <kvalo@kernel.org>
To: Bert Karwatzki <spasswolf@web.de>
Cc: Felix Fietkau <nbd@nbd.name>, Sean Wang <sean.wang@kernel.org>,
deren.wu@mediatek.com, linux-mediatek@lists.infradead.org,
linux-wireless@vger.kernel.org, lorenzo.bianconi@redhat.com,
mingyen.hsieh@mediatek.com, sean.wang@mediatek.com,
linux-kernel@vger.kernel.org
Subject: Re: patch 46/47 causes NULL pointer deref on mt7921
Date: Mon, 12 Aug 2024 13:29:01 +0300 [thread overview]
Message-ID: <87y15211ci.fsf@kernel.org> (raw)
In-Reply-To: <62226273aaafafda1a4f3abc0f8c95220407b3a7.camel@web.de> (Bert Karwatzki's message of "Mon, 12 Aug 2024 10:57:31 +0200")
Bert Karwatzki <spasswolf@web.de> writes:
> Am Dienstag, dem 06.08.2024 um 13:22 +0200 schrieb Bert Karwatzki:
>> Am Mittwoch, dem 31.07.2024 um 11:51 +0300 schrieb Kalle Valo:
>> > Bert Karwatzki <spasswolf@web.de> writes:
>> >
>> > > Am Mittwoch, dem 17.07.2024 um 17:25 +0200 schrieb Felix Fietkau:
>> > >
>> > > > On 17.07.24 16:38, Bert Karwatzki wrote:
>> > > >
>> > > > > So mvif->phy can be NULL at the start of mt7921_ipv6_addr_change. The early
>> > > > > return in that case avoids the NULL pointer and mvif->phy
>> > > > > has its usual value
>> > > > > again on the next call to mt7921_ipv6_addr_change so Wifi is
>> > > > > working again. I
>> > > > > don't know how this could happen but perhaps you have an idea.
>> > > >
>> > > > This change should fix it: https://nbd.name/p/0747f54f
>> > > > Please test.
>> > >
>> > > The BUG is still present in linux-6.11-rc1.
>> >
>> > I'm not sure what's the status with this. There's one mt76 patch going
>> > to v6.11-rc2:
>> >
>> > https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=6557a28f3e3a54cff4f0dcdd1dfa649b26557ab3
>> >
>> > But that looks to be a fix for a different problem, right? Felix, are
>> > you planning to submit that 0747f54f as a proper patch? I could then
>> > take it to wireless tree.
>> >
>> The Bug is still present in linux-6.11-rc2 and linux-next-20240806. Also the
>> mvif->phy NULL check in the original patch is not neccessary (and feels a little
>> out of place as mvif->phy is not needed anymore). This patch is sufficient to
>> fix the NULL pointer dereference:
>> diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
>> b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
>> index 1bab93d049df..23b228804289 100644
>> --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
>> +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
>> @@ -1183,7 +1183,7 @@ static void mt7921_ipv6_addr_change(struct ieee80211_hw
>> *hw,
>> struct inet6_dev *idev)
>> {
>> struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
>> - struct mt792x_dev *dev = mvif->phy->dev;
>> + struct mt792x_dev *dev = mt792x_hw_dev(hw);
>> struct inet6_ifaddr *ifa;
>> struct in6_addr ns_addrs[IEEE80211_BSS_ARP_ADDR_LIST_LEN];
>> struct sk_buff *skb;
>>
>> Bert Karwatzki
>
> This error is still present in v6.11-rc3.
Bert, can you send your fix as a proper patch? More information in the
wiki below and please mark it for wireless tree.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
prev parent reply other threads:[~2024-08-12 10:29 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-11 17:51 patch 46/47 causes NULL pointer deref on mt7921 Bert Karwatzki
2024-07-11 18:05 ` Bert Karwatzki
2024-07-11 23:40 ` Sean Wang
2024-07-12 8:57 ` Bert Karwatzki
2024-07-12 11:06 ` Bert Karwatzki
2024-07-17 14:38 ` Bert Karwatzki
2024-07-17 15:25 ` Felix Fietkau
2024-07-17 17:05 ` Bert Karwatzki
2024-07-18 1:10 ` Bert Karwatzki
2024-07-18 10:42 ` Bert Karwatzki
2024-07-18 10:43 ` Bert Karwatzki
2024-07-29 11:12 ` Bert Karwatzki
2024-07-31 8:51 ` Kalle Valo
2024-08-06 11:22 ` Bert Karwatzki
2024-08-12 8:57 ` Bert Karwatzki
2024-08-12 10:29 ` Kalle Valo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y15211ci.fsf@kernel.org \
--to=kvalo@kernel.org \
--cc=deren.wu@mediatek.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lorenzo.bianconi@redhat.com \
--cc=mingyen.hsieh@mediatek.com \
--cc=nbd@nbd.name \
--cc=sean.wang@kernel.org \
--cc=sean.wang@mediatek.com \
--cc=spasswolf@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.