]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c29f2c7)
wifi: mt76: scan: Fix 'mlink' dereferenced before IS_ERR_OR_NULL check
authorFeng Jiang <jiangfeng@kylinos.cn>
Wed, 2 Apr 2025 06:24:15 +0000 (14:24 +0800)
committerFelix Fietkau <nbd@nbd.name>
Thu, 22 May 2025 10:57:32 +0000 (12:57 +0200)
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202504011739.HvUKtUUe-lkp@intel.com/
Fixes: 3ba20af886d1 ("wifi: mt76: scan: set vif offchannel link for scanning/roc")
Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>
Link: https://patch.msgid.link/20250402062415.25434-1-jiangfeng@kylinos.cn
Signed-off-by: Felix Fietkau <nbd@nbd.name>
drivers/net/wireless/mediatek/mt76/channel.c patch | blob | blame | history

diff --git a/drivers/net/wireless/mediatek/mt76/channel.c b/drivers/net/wireless/mediatek/mt76/channel.c
index e7b839e74290345717ea1f9b9fcaeba8a15ad3fa..cc2d888e3f17a58512e6282686b446109ec7ab3c 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/channel.c
+++ b/drivers/net/wireless/mediatek/mt76/channel.c
@@ -302,11 +302,13 @@ void mt76_put_vif_phy_link(struct mt76_phy *phy, struct ieee80211_vif *vif,
                           struct mt76_vif_link *mlink)
 {
        struct mt76_dev *dev = phy->dev;
-       struct mt76_vif_data *mvif = mlink->mvif;
+       struct mt76_vif_data *mvif;
 
        if (IS_ERR_OR_NULL(mlink) || !mlink->offchannel)
                return;
 
+       mvif = mlink->mvif;
+
        rcu_assign_pointer(mvif->offchannel_link, NULL);
        dev->drv->vif_link_remove(phy, vif, &vif->bss_conf, mlink);
        kfree(mlink);
A mirror of Linus' kernel repository