Hi Kalle, Since net-next is closed now I guess we can consider this patch for wireless-drivers Regards, Lorenzo
--- Begin Message ---
- To: nbd@xxxxxxxx
- Subject: [PATCH] mt76: mt76s: fix NULL pointer dereference in mt76s_process_tx_queue
- From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
- Date: Tue, 8 Dec 2020 10:18:11 +0100
- Cc: linux-wireless@xxxxxxxxxxxxxxx, lorenzo.bianconi@xxxxxxxxxx
- Delivered-to: lbiancon@xxxxxxxxxxxxxxxx
- Delivered-to: lbiancon@xxxxxxxxxx
Fix a possible NULL pointer dereference in mt76s_process_tx_queue that can occur if status thread runs before allocating tx queues Fixes: 6a618acb7e62 ("mt76: sdio: convert {status/net}_work to mt76_worker") Signed-off-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx> --- drivers/net/wireless/mediatek/mt76/sdio.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/sdio.c b/drivers/net/wireless/mediatek/mt76/sdio.c index 7cd995118257..0b6facb17ff7 100644 --- a/drivers/net/wireless/mediatek/mt76/sdio.c +++ b/drivers/net/wireless/mediatek/mt76/sdio.c @@ -157,10 +157,14 @@ static void mt76s_net_worker(struct mt76_worker *w) static int mt76s_process_tx_queue(struct mt76_dev *dev, struct mt76_queue *q) { - bool mcu = q == dev->q_mcu[MT_MCUQ_WM]; struct mt76_queue_entry entry; int nframes = 0; + bool mcu; + if (!q) + return 0; + + mcu = q == dev->q_mcu[MT_MCUQ_WM]; while (q->queued > 0) { if (!q->entry[q->tail].done) break; -- 2.28.0
--- End Message ---
Attachment:
signature.asc
Description: PGP signature
