[PATCH] mt76: mt7915: fix msta->wcid use-after-free in mt76_tx_status_check()
Bo Jiao
bo.jiao at mediatek.com
Tue Apr 19 20:14:51 PDT 2022
From: Bo Jiao <Bo.Jiao at mediatek.com>
Fix msta->wcid use-after-free in mt76_tx_status_check when the sta
has been removed.
Signed-off-by: Bo Jiao <Bo.Jiao at mediatek.com>
---
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/main.c b/drivers/net/wireless/mediatek/mt76/mt7915/main.c
index 800f720..160d80e 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/main.c
@@ -701,6 +701,11 @@ void mt7915_mac_sta_remove(struct mt76_dev *mdev, struct ieee80211_vif *vif,
if (!list_empty(&msta->rc_list))
list_del_init(&msta->rc_list);
spin_unlock_bh(&dev->sta_poll_lock);
+
+ spin_lock_bh(&mdev->status_lock);
+ if (!list_empty(&msta->wcid.list))
+ list_del_init(&msta->wcid.list);
+ spin_unlock_bh(&mdev->status_lock);
}
static void mt7915_tx(struct ieee80211_hw *hw,
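Review bot: The unlink added after spin_unlock_bh(&dev->sta_poll_lock) takes mdev->status_lock, a lock in the common struct mt76_dev, and the function named in the subject, mt76_tx_status_check(), carries the mt76 core prefix, yet the fix lives only in mt7915_mac_sta_remove(). Either move the `list_del_init(&msta->wcid.list)` into the shared mt76 station-removal path so every driver that uses this list gets it, or explain in the commit message why only mt7915 can leave the wcid linked. The commit message should also say which path adds the wcid to the list that mt76_tx_status_check() walks, and carry a Fixes: tag so the change can be picked up for stable.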
--
2.18.0