mediatek: mt76: Fix null pointer access

Fix null pointer dereference issue during Authentication stage and add sanity check in mt7915_sta_statistics Signed-off-by: John Crispin <[email protected]>
Telecominfraproject · Jul 11, 2024 · 5eb9df2 · 5eb9df2
1 parent 6f2bd22
commit 5eb9df2
Showing 1 changed file with 21 additions and 11 deletions.
diff --git a/feeds/mediatek-sdk/mt76/patches/2012-wifi-mt76-mt7915-wed-add-per-bss-statistic-info.patch b/feeds/mediatek-sdk/mt76/patches/2012-wifi-mt76-mt7915-wed-add-per-bss-statistic-info.patch
@@ -1,20 +1,20 @@
-From ba04dd5323962bbed89405ceb8d7fd9c6796f09a Mon Sep 17 00:00:00 2001
+From 4e0a12871b8c134c99bd702f425c492ddc1f50b6 Mon Sep 17 00:00:00 2001
 From: Evelyn Tsai <[email protected]>
 Date: Wed, 1 Nov 2023 07:50:08 +0800
-Subject: [PATCH 2012/2014] wifi: mt76: mt7915: wed: add per bss statistic info
+Subject: [PATCH 1/5] wifi: mt76: mt7915: wed: add per bss statistic info
 
 ---
  mt7915/init.c        |  1 +
  mt7915/mac.c         | 21 +++++++++++++++++++++
- mt7915/main.c        |  2 +-
+ mt7915/main.c        |  5 ++++-
  mt7915/mcu.c         | 30 +++++++++++++++++++++++++++---
  mt7915/mmio.c        | 26 +++++++++++++++++++++++++-
  mt7915/mt7915.h      |  3 ++-
  mt7915/mtk_debugfs.c |  2 +-
- 7 files changed, 78 insertions(+), 7 deletions(-)
+ 7 files changed, 81 insertions(+), 7 deletions(-)
 
 diff --git a/mt7915/init.c b/mt7915/init.c
-index 16c3632..e5327be 100644
+index f38c8a1..7bc8039 100644
 --- a/mt7915/init.c
 +++ b/mt7915/init.c
 @@ -400,6 +400,7 @@ mt7915_init_wiphy(struct mt7915_phy *phy)
@@ -79,10 +79,20 @@ index 02f794d..0c12170 100644
  		spin_lock_bh(&phy->stats_lock);
  	}
 diff --git a/mt7915/main.c b/mt7915/main.c
-index 199ce82..17a380b 100644
+index feb2c89..722635e 100644
 --- a/mt7915/main.c
 +++ b/mt7915/main.c
-@@ -1245,7 +1245,7 @@ static void mt7915_sta_statistics(struct ieee80211_hw *hw,
+@@ -1219,6 +1219,9 @@ static void mt7915_sta_statistics(struct ieee80211_hw *hw,
+ 	struct rate_info *txrate = &msta->wcid.rate;
+ 	struct rate_info rxrate = {};
+
++	if (msta->wcid.idx == 0)
++		return;
++
+ 	if (is_connac_v2(&phy->dev->mt76) &&
+ 	    !mt7915_mcu_get_rx_rate(phy, vif, sta, &rxrate)) {
+ 		sinfo->rxrate = rxrate;
+@@ -1247,7 +1250,7 @@ static void mt7915_sta_statistics(struct ieee80211_hw *hw,
  		sinfo->tx_bytes = msta->wcid.stats.tx_bytes;
  		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES64);
 
@@ -92,7 +102,7 @@ index 199ce82..17a380b 100644
  			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
  		}
 diff --git a/mt7915/mcu.c b/mt7915/mcu.c
-index d9d4fea..f0273fe 100644
+index 708e7cd..342fe42 100644
 --- a/mt7915/mcu.c
 +++ b/mt7915/mcu.c
 @@ -4750,7 +4750,8 @@ int mt7915_mcu_twt_agrt_update(struct mt7915_dev *dev,
@@ -189,10 +199,10 @@ index 6309dd9..142f308 100644
  }
 
 diff --git a/mt7915/mt7915.h b/mt7915/mt7915.h
-index c5bacf8..696b64e 100644
+index 945c82e..6e7ed9e 100644
 --- a/mt7915/mt7915.h
 +++ b/mt7915/mt7915.h
-@@ -754,7 +754,8 @@ int mt7915_mcu_get_rx_rate(struct mt7915_phy *phy, struct ieee80211_vif *vif,
+@@ -756,7 +756,8 @@ int mt7915_mcu_get_rx_rate(struct mt7915_phy *phy, struct ieee80211_vif *vif,
  			   struct ieee80211_sta *sta, struct rate_info *rate);
  int mt7915_mcu_rdd_background_enable(struct mt7915_phy *phy,
  				     struct cfg80211_chan_def *chandef);
@@ -203,7 +213,7 @@ index c5bacf8..696b64e 100644
  int mt7915_mcu_rf_regval(struct mt7915_dev *dev, u32 regidx, u32 *val, bool set);
  int mt7915_mcu_wa_cmd(struct mt7915_dev *dev, int cmd, u32 a1, u32 a2, u32 a3);
 diff --git a/mt7915/mtk_debugfs.c b/mt7915/mtk_debugfs.c
-index a80ddeb..129a4dd 100644
+index c63bf90..2c9f198 100644
 --- a/mt7915/mtk_debugfs.c
 +++ b/mt7915/mtk_debugfs.c
 @@ -4034,7 +4034,7 @@ static int mt7915_reset_counter(void *data, u64 val)