Lorenzo Bianconi <lorenzo.bianconi@xxxxxxxxxx> writes:

> Starting from mac80211 commit adf8ed01e4fd ("mac80211: add an optional
> TXQ for other PS-buffered frames") and commit 0eeb2b674f05 ("mac80211:
> add an option for station management TXQ") a new per-sta queue has been
> introduced for bufferable management frames.
> sta->txq[IEEE80211_NUM_TIDS] is initialized only if the driver reports
> the following hw flags:
> - IEEE80211_HW_STA_MMPDU_TXQ
> - IEEE80211_HW_BUFF_MMPDU_TXQ
> This can produce a NULL pointer dereference in mt76_stop_tx_queues
> since mt76 iterates on all available sta tx queues assuming they are
> initialized by mac80211. This issue has been spotted while analyzing
> the code (it has not triggered any crash yet).
>
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@xxxxxxxxxx>

A very good commit log, thanks for that!

> This patch is for 4.20

Ok, I'll wait for review comments and then queue this for 4.20.

BTW, it would make my patch sorting easier if you could add a release
label in the subject:

[PATCH 4.20] mt76: fix potential NULL pointer dereference in mt76_stop_tx_queues

More info:

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches#tree_labels

-- 
Kalle Valo
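A constructed C model of the iteration hazard described in the commit log above, added here as an example and not code from mt76, mac80211 or the patch itself. Only the array index IEEE80211_NUM_TIDS and the two hw flag names come from the message; the struct layouts, flag bit values and function names are assumptions.

```c
/* Constructed model of the hazard in the commit log (not mt76/mac80211
 * code): the management TXQ slot at IEEE80211_NUM_TIDS is allocated
 * only when the driver advertises one of the two hw flags, so a loop
 * over all NUM_TIDS + 1 slots must tolerate a NULL entry. Struct
 * layouts, flag bit values and function names are assumptions. */
#include <stdbool.h>
#include <stdlib.h>

#define IEEE80211_NUM_TIDS 16
#define HW_STA_MMPDU_TXQ  (1u << 0) /* stand-in for IEEE80211_HW_STA_MMPDU_TXQ */
#define HW_BUFF_MMPDU_TXQ (1u << 1) /* stand-in for IEEE80211_HW_BUFF_MMPDU_TXQ */

struct txq { bool stopped; };
struct sta { struct txq *txq[IEEE80211_NUM_TIDS + 1]; };

/* Models mac80211's per-station setup: every data TID gets a queue,
 * the management slot only when one of the flags is set. */
void sta_init(struct sta *sta, unsigned int hw_flags)
{
	for (int i = 0; i < IEEE80211_NUM_TIDS; i++)
		sta->txq[i] = calloc(1, sizeof(struct txq));
	sta->txq[IEEE80211_NUM_TIDS] =
		(hw_flags & (HW_STA_MMPDU_TXQ | HW_BUFF_MMPDU_TXQ)) ?
		calloc(1, sizeof(struct txq)) : NULL;
}

/* Shape of the bug: every slot is dereferenced, so a station created
 * without the flags crashes here. Kept for comparison only. */
int stop_tx_queues_unchecked(struct sta *sta)
{
	int n = 0;
	for (int i = 0; i <= IEEE80211_NUM_TIDS; i++, n++)
		sta->txq[i]->stopped = true; /* NULL deref when slot unset */
	return n;
}

/* Hardened shape: skip slots mac80211 never initialized.
 * Returns the number of queues actually stopped. */
int stop_tx_queues_checked(struct sta *sta)
{
	int n = 0;
	for (int i = 0; i <= IEEE80211_NUM_TIDS; i++) {
		if (!sta->txq[i])
			continue;
		sta->txq[i]->stopped = true;
		n++;
	}
	return n;
}
```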