]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7011fae)
wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor()
authorQasim Ijaz <qasdev00@gmail.com>
Mon, 21 Apr 2025 11:25:44 +0000 (12:25 +0100)
committerFelix Fietkau <nbd@nbd.name>
Wed, 21 May 2025 12:49:39 +0000 (14:49 +0200)
The function mt7996_set_monitor() dereferences phy before
the NULL sanity check.

Fix this to avoid NULL pointer dereference by moving the
dereference after the check.

Fixes: 69d54ce7491d ("wifi: mt76: mt7996: switch to single multi-radio wiphy")
Signed-off-by: Qasim Ijaz <qasdev00@gmail.com>
Link: https://patch.msgid.link/20250421112544.13430-1-qasdev00@gmail.com
Signed-off-by: Felix Fietkau <nbd@nbd.name>
drivers/net/wireless/mediatek/mt76/mt7996/main.c patch | blob | blame | history

diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/main.c b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
index 70823bbb165c7e2720d1762fa1159ba747a31389..5ec4f979328653284966b4c2d6afb827f344a1df 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt7996/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
@@ -414,11 +414,13 @@ static void mt7996_phy_set_rxfilter(struct mt7996_phy *phy)
 
 static void mt7996_set_monitor(struct mt7996_phy *phy, bool enabled)
 {
-       struct mt7996_dev *dev = phy->dev;
+       struct mt7996_dev *dev;
 
        if (!phy)
                return;
 
+       dev = phy->dev;
+
        if (enabled == !(phy->rxfilter & MT_WF_RFCR_DROP_OTHER_UC))
                return;
 
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git