[PATCH] mac80211: fix NULL pointer dereference when switching to monitor mode

[PATCH] mac80211: fix NULL pointer dereference when switching to monitor mode

[Dhyan K Prajapati]

When switching an interface to monitor mode, ieee80211_link_info_change_notify()
incorrectly sends BSS change notifications to drivers, even though monitor
interfaces have no associated BSS context. This causes NULL pointer dereferences
in drivers like iwldvm.

The bug occurs because the current code only returns early for monitor interfaces
when WANT_MONITOR_VIF is NOT set. When WANT_MONITOR_VIF IS set, execution breaks
from the switch statement and falls through to drv_link_info_changed(), which
triggers the crash when the driver attempts to dereference link->conf->bss.

Crash trace:
  RIP: iwlagn_bss_info_changed+0x19d/0x640 [iwldvm]
  Code: 49 8b 46 10 <8b> 10
  RAX: 0000000000000000 (NULL link->conf->bss)

Fix by unconditionally returning early for IFTYPE_MONITOR, consistent with
IFTYPE_AP_VLAN handling. Also simplify by merging both cases.

Device: Intel Centrino Advanced-N 6205

Signed-off-by: Dhyan K Prajapati <dhyan19022009@gmail.com>
---
 net/mac80211/main.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index b05e313c7..bc93df21e 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -412,11 +412,8 @@ void ieee80211_link_info_change_notify(struct ieee80211_sub_if_data *sdata,
 
 	switch (sdata->vif.type) {
 	case NL80211_IFTYPE_AP_VLAN:
-		return;
 	case NL80211_IFTYPE_MONITOR:
-		if (!ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF))
-			return;
-		break;
+		return;
 	default:
 		break;
 	}
-- 
2.43.0