[PATCH] mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr
Ryder Lee
ryder.lee at mediatek.com
Thu Dec 2 22:04:54 PST 2021
Get rid of unsafe access since mt76_insert_ccmp_hdr moves the header.
Signed-off-by: Ryder Lee <ryder.lee at mediatek.com>
---
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 3 ++-
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
index 5757284b24a5..c8747f59ba51 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
@@ -777,7 +777,7 @@ mt7915_mac_fill_rx(struct mt7915_dev *dev, struct sk_buff *skb)
}
if (!hdr_trans) {
- struct ieee80211_hdr *hdr = mt76_skb_get_hdr(skb);
+ struct ieee80211_hdr *hdr;
if (insert_ccmp_hdr) {
u8 key_id = FIELD_GET(MT_RXD1_NORMAL_KEY_ID, rxd1);
@@ -785,6 +785,7 @@ mt7915_mac_fill_rx(struct mt7915_dev *dev, struct sk_buff *skb)
mt76_insert_ccmp_hdr(skb, key_id);
}
+ hdr = mt76_skb_get_hdr(skb);
fc = hdr->frame_control;
if (ieee80211_is_data_qos(fc)) {
seq_ctrl = le16_to_cpu(hdr->seq_ctrl);
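Review bot: The added `hdr = mt76_skb_get_hdr(skb);` carries no comment saying why it has to sit after the `insert_ccmp_hdr` branch, so a later cleanup could fold it back into the declaration and bring back the stale pointer that this patch removes. I would put a short comment above it, for example `/* mt76_insert_ccmp_hdr() moves the 802.11 header; fetch hdr only afterwards */`. Both `fc = hdr->frame_control` and the `seq_ctrl` read depend on this ordering. The `if (!hdr_trans)` block and mt7915_mac_fill_rx continue outside the hunk.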
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
index 30cce5743731..edf54b192f37 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
@@ -772,7 +772,7 @@ mt7921_mac_fill_rx(struct mt7921_dev *dev, struct sk_buff *skb)
}
if (!hdr_trans) {
- struct ieee80211_hdr *hdr = mt76_skb_get_hdr(skb);
+ struct ieee80211_hdr *hdr;
if (insert_ccmp_hdr) {
u8 key_id = FIELD_GET(MT_RXD1_NORMAL_KEY_ID, rxd1);
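Review bot: In mt7921_mac_fill_rx this hunk only drops the initializer, leaving `struct ieee80211_hdr *hdr;`, and unlike the mt7915 change it adds no `hdr = mt76_skb_get_hdr(skb);` (the diffstat shows a single insertion for this file). Presumably the function already assigns hdr after the `insert_ccmp_hdr` block, but that line is outside the hunk. Please confirm that it does, since otherwise hdr is dereferenced uninitialized. It would also help to say in the commit message that mt7921 only loses a redundant early lookup, so the asymmetry between the two files is not mistaken for an omission.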
--
2.29.2