* [PATCH wireless] wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write_txwi()
@ 2023-05-28 10:28 Lorenzo Bianconi
2023-05-31 11:15 ` Simon Horman
2023-06-01 13:17 ` Kalle Valo
0 siblings, 2 replies; 3+ messages in thread
From: Lorenzo Bianconi @ 2023-05-28 10:28 UTC (permalink / raw)
To: kvalo; +Cc: nbd, lorenzo.bianconi, linux-wireless
Fix possible NULL pointer dereference on mvif pointer in
mt7996_mac_write_txwi routine.
Fixes: 15ee62e73705 ("wifi: mt76: mt7996: enable BSS_CHANGED_BASIC_RATES support")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
---
.../net/wireless/mediatek/mt76/mt7996/mac.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mac.c b/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
index 39a4a73ef8e6..9b0f6053e0fa 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
@@ -1004,10 +1004,10 @@ void mt7996_mac_write_txwi(struct mt7996_dev *dev, __le32 *txwi,
{
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_vif *vif = info->control.vif;
- struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
u8 band_idx = (info->hw_queue & MT_TX_HW_QUEUE_PHY) >> 2;
u8 p_fmt, q_idx, omac_idx = 0, wmm_idx = 0;
bool is_8023 = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
+ struct mt7996_vif *mvif;
u16 tx_count = 15;
u32 val;
bool beacon = !!(changed & (BSS_CHANGED_BEACON |
@@ -1015,7 +1015,8 @@ void mt7996_mac_write_txwi(struct mt7996_dev *dev, __le32 *txwi,
bool inband_disc = !!(changed & (BSS_CHANGED_UNSOL_BCAST_PROBE_RESP |
BSS_CHANGED_FILS_DISCOVERY));
- if (vif) {
+ mvif = vif ? (struct mt7996_vif *)vif->drv_priv : NULL;
+ if (mvif) {
omac_idx = mvif->mt76.omac_idx;
wmm_idx = mvif->mt76.wmm_idx;
band_idx = mvif->mt76.band_idx;
@@ -1081,12 +1082,16 @@ void mt7996_mac_write_txwi(struct mt7996_dev *dev, __le32 *txwi,
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
bool mcast = ieee80211_is_data(hdr->frame_control) &&
is_multicast_ether_addr(hdr->addr1);
- u8 idx = mvif->basic_rates_idx;
+ u8 idx = MT7996_BASIC_RATES_TBL;
- if (mcast && mvif->mcast_rates_idx)
- idx = mvif->mcast_rates_idx;
- else if (beacon && mvif->beacon_rates_idx)
- idx = mvif->beacon_rates_idx;
+ if (mvif) {
+ if (mcast && mvif->mcast_rates_idx)
+ idx = mvif->mcast_rates_idx;
+ else if (beacon && mvif->beacon_rates_idx)
+ idx = mvif->beacon_rates_idx;
+ else
+ idx = mvif->basic_rates_idx;
+ }
txwi[6] |= cpu_to_le32(FIELD_PREP(MT_TXD6_TX_RATE, idx));
txwi[3] |= cpu_to_le32(MT_TXD3_BA_DISABLE);
--
2.40.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH wireless] wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write_txwi()
2023-05-28 10:28 [PATCH wireless] wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write_txwi() Lorenzo Bianconi
@ 2023-05-31 11:15 ` Simon Horman
2023-06-01 13:17 ` Kalle Valo
1 sibling, 0 replies; 3+ messages in thread
From: Simon Horman @ 2023-05-31 11:15 UTC (permalink / raw)
To: Lorenzo Bianconi; +Cc: kvalo, nbd, lorenzo.bianconi, linux-wireless
On Sun, May 28, 2023 at 12:28:49PM +0200, Lorenzo Bianconi wrote:
> Fix possible NULL pointer dereference on mvif pointer in
> mt7996_mac_write_txwi routine.
>
> Fixes: 15ee62e73705 ("wifi: mt76: mt7996: enable BSS_CHANGED_BASIC_RATES support")
> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH wireless] wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write_txwi()
2023-05-28 10:28 [PATCH wireless] wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write_txwi() Lorenzo Bianconi
2023-05-31 11:15 ` Simon Horman
@ 2023-06-01 13:17 ` Kalle Valo
1 sibling, 0 replies; 3+ messages in thread
From: Kalle Valo @ 2023-06-01 13:17 UTC (permalink / raw)
To: Lorenzo Bianconi; +Cc: nbd, lorenzo.bianconi, linux-wireless
Lorenzo Bianconi <lorenzo@kernel.org> wrote:
> Fix possible NULL pointer dereference on mvif pointer in
> mt7996_mac_write_txwi routine.
>
> Fixes: 15ee62e73705 ("wifi: mt76: mt7996: enable BSS_CHANGED_BASIC_RATES support")
> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
> Reviewed-by: Simon Horman <simon.horman@corigine.com>
Patch applied to wireless.git, thanks.
ead449023d3a wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write_txwi()
--
https://patchwork.kernel.org/project/linux-wireless/patch/2637628a84f42ad6d7b774e706f041d5b45c8cb5.1685269638.git.lorenzo@kernel.org/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-06-01 13:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-28 10:28 [PATCH wireless] wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write_txwi() Lorenzo Bianconi
2023-05-31 11:15 ` Simon Horman
2023-06-01 13:17 ` Kalle Valo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).