From: Markus Elfring <Markus.Elfring@web.de>
To: Qasim Ijaz <qasdev00@gmail.com>,
linux-wireless@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-arm-kernel@lists.infradead.org
Cc: LKML <linux-kernel@vger.kernel.org>,
Angelo Gioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
Bo Jiao <bo.jiao@mediatek.com>,
Dan Carpenter <dan.carpenter@linaro.org>,
Felix Fietkau <nbd@nbd.name>,
Johannes Berg <johannes@sipsolutions.net>,
Lorenzo Bianconi <lorenzo@kernel.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
Peter Chiu <chui-hao.chiu@mediatek.com>,
Ryder Lee <ryder.lee@mediatek.com>,
Sean Wang <sean.wang@mediatek.com>,
Shayne Chen <shayne.chen@mediatek.com>
Subject: Re: [PATCH] wifi: mt76: mt7996: avoid potential null deref in mt7996_get_et_stats()
Date: Sat, 22 Mar 2025 15:55:49 +0100 [thread overview]
Message-ID: <d1df5d97-4691-40d4-a6cc-416505f35164@web.de> (raw)
In-Reply-To: <20250322141910.4461-1-qasdev00@gmail.com>
> Ensure phy->mib is only accessed after the null sanity check for phy
> otherwise the code may trigger a potential null deref.
* Would you like to use the term “null pointer dereference” consistently?
* Were any known source code analysis tools involved also for
this software improvement?
…
> +++ b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
…
> @@ -1886,6 +1886,8 @@ void mt7996_get_et_stats(struct ieee80211_hw *hw,
> if (!phy)
> return;
>
> + mib = &phy->mib;
> +
> mutex_lock(&dev->mt76.mutex);
>
> mt7996_mac_update_stats(phy);
I suggest to move such an assignment statement directly before the place
where this variable is used finally.
Regards,
Markus
next prev parent reply other threads:[~2025-03-22 14:57 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-22 14:19 [PATCH] wifi: mt76: mt7996: avoid potential null deref in mt7996_get_et_stats() Qasim Ijaz
2025-03-22 14:55 ` Markus Elfring [this message]
2025-03-22 15:54 ` Johannes Berg
2025-03-23 11:59 ` James Dutton
2025-03-24 5:50 ` Dan Carpenter
2025-03-24 7:33 ` Markus Elfring
2025-03-24 7:43 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d1df5d97-4691-40d4-a6cc-416505f35164@web.de \
--to=markus.elfring@web.de \
--cc=angelogioacchino.delregno@collabora.com \
--cc=bo.jiao@mediatek.com \
--cc=chui-hao.chiu@mediatek.com \
--cc=dan.carpenter@linaro.org \
--cc=johannes@sipsolutions.net \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lorenzo@kernel.org \
--cc=matthias.bgg@gmail.com \
--cc=nbd@nbd.name \
--cc=qasdev00@gmail.com \
--cc=ryder.lee@mediatek.com \
--cc=sean.wang@mediatek.com \
--cc=shayne.chen@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox