| From f5ae9388d3c76640043c4dd4a64ebc9c8eed96e5 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Tue, 27 Apr 2021 12:05:00 +0200 |
| Subject: mt76: fix possible NULL pointer dereference in mt76_tx |
| |
| From: Lorenzo Bianconi <lorenzo@kernel.org> |
| |
| [ Upstream commit d7400a2f3e295b8cee692c7a66e10f60015a3c37 ] |
| |
| Even if this is not a real issue since mt76_tx is never run with wcid set |
| to NULL, fix a theoretical NULL pointer dereference in mt76_tx routine |
| |
| Fixes: db9f11d3433f7 ("mt76: store wcid tx rate info in one u32 reduce locking") |
| Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> |
| Signed-off-by: Felix Fietkau <nbd@nbd.name> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/net/wireless/mediatek/mt76/tx.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/drivers/net/wireless/mediatek/mt76/tx.c b/drivers/net/wireless/mediatek/mt76/tx.c |
| index 44ef4bc7a46e..073c29eb2ed8 100644 |
| --- a/drivers/net/wireless/mediatek/mt76/tx.c |
| +++ b/drivers/net/wireless/mediatek/mt76/tx.c |
| @@ -278,7 +278,7 @@ mt76_tx(struct mt76_phy *phy, struct ieee80211_sta *sta, |
| skb_set_queue_mapping(skb, qid); |
| } |
| |
| - if (!(wcid->tx_info & MT_WCID_TX_INFO_SET)) |
| + if (wcid && !(wcid->tx_info & MT_WCID_TX_INFO_SET)) |
| ieee80211_get_tx_rates(info->control.vif, sta, skb, |
| info->control.rates, 1); |
| |
| -- |
| 2.30.2 |
| |
