[PATCH ath-next 0/2] wifi: ath12k: fix NULL deref when MLO link activation fails
Baochen Qiang
baochen.qiang at oss.qualcomm.com
Sun May 31 19:56:08 PDT 2026
On 5/12/2026 12:49 PM, Wei Zhang wrote:
> ath12k_mac_op_change_sta_links() adds a link to ahsta->links_map
> before verifying that the link's vdev is ready, allowing broken links
> to be processed by subsequent operations and causing NULL dereferences.
>
> Patch 1 fixes three error path inconsistencies in ath12k_mac_vdev_create()
> that leave arvif state or vdev resources inconsistent: a direct return on
> wmi_vdev_create failure bypasses err: which clears arvif->ar; and both
> failure paths in err_peer_del skip the DP peer cleanup and vdev rollback.
>
> Patch 2 uses arvif->is_created (made reliable by patch 1) to guard
> against links with no vdev before allocating a link station, preventing
> broken links from entering links_map.
>
> Wei Zhang (2):
> wifi: ath12k: fix inconsistent arvif state in vdev_create error paths
> wifi: ath12k: fix NULL deref in change_sta_links for unready link
>
> drivers/net/wireless/ath/ath12k/mac.c | 17 ++++++++---------
> 1 file changed, 8 insertions(+), 9 deletions(-)
>
> base-commit: 7b25796f571fc09a7aa6fe7efb23edccd326917d
Reviewed-by: Baochen Qiang <baochen.qiang at oss.qualcomm.com>
More information about the ath12k
mailing list