[...]
> >
> >I guess there is a use-after-free here since sar is freed at the end of nl80211_set_sar_specs, right?
> >
>
> Nope, there is no use-after-free case here because frp->range just points to an entry of the const struct cfg80211_sar_specs table, not the one created from nl80211_set_sar_specs.

ack, right. I misread the code.

Regards,
Lorenzo

>
> >Regards,
> >Lorenzo
> >
> >> + frp->power = power; > >> + } > >> + > >> + err = mt76_connac_mcu_set_rate_txpower(mphy); > >> + > >> +out: > >> + mt7921_mutex_release(dev); > >> + > >> + return err; > >> +} > >> + > >> const struct ieee80211_ops mt7921_ops = { > >> .tx = mt7921_tx, > >> .start = mt7921_start, > >> @@ -1209,4 +1253,5 @@ const struct ieee80211_ops mt7921_ops = { > >> .set_rekey_data = mt7921_set_rekey_data, #endif /* CONFIG_PM */ > >> .flush = mt7921_flush, > >> + .set_sar_specs = mt7921_set_sar_specs, > >> }; > >> -- > >> 2.25.1 > >>
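
Review bot: in the tail of mt7921_set_sar_specs, `frp->power = power;` is stored for each range before `err = mt76_connac_mcu_set_rate_txpower(mphy);` runs, so when that call fails the function returns `err` with the new power values still in place. If the stored limits are meant to reflect what the firmware accepted, save the previous values and restore them on the error path before `out:`, or add a comment saying that keeping them is intentional. The thread also shows that the lifetime of `frp->range` was easy to misread; a short comment at that assignment stating that it points into the const cfg80211_sar_specs table, not into the buffer freed by nl80211_set_sar_specs, would answer the question in the code itself.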