git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Felix Fietkau <nbd@nbd.name>
	Tue, 24 Mar 2026 15:49:03 +0000 (15:49 +0000)
committer	Felix Fietkau <nbd@nbd.name>
	Tue, 9 Jun 2026 10:15:20 +0000 (10:15 +0000)
commit	7ec087fef32a88410488b764b0f5eef68e51175f
tree	63f55304061655a771b1fb3bf49f2d0e959eb4ff	tree \| snapshot
parent	2172c96a1eb495966923ebbbe5965e3158875534	commit \| diff

wifi: mt76: mt7996: fix out-of-bounds array access during hardware restart

During hardware restart, link_id can be IEEE80211_LINK_UNSPECIFIED,
causing an out-of-bounds array access on msta->link[].

Add mt7996_sta_link() and mt7996_sta_link_protected() helper functions
for accessing sta links with proper RCU handling and bounds checking.
Use them for any sta link RCU access.

Reported-by: Chad Monroe <chad@monroe.io>
Link: https://patch.msgid.link/20260324154904.2555603-1-nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>

drivers/net/wireless/mediatek/mt76/mt7996/debugfs.c		diff \| blob \| blame \| history
drivers/net/wireless/mediatek/mt76/mt7996/mac.c		diff \| blob \| blame \| history
drivers/net/wireless/mediatek/mt76/mt7996/main.c		diff \| blob \| blame \| history
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c		diff \| blob \| blame \| history
drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h		diff \| blob \| blame \| history