tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

wifi: mt76: mt7996: fix null pointer deref in mt7996_conf_tx()

If a link does not have an assigned channel yet, mt7996_vif_link returns
NULL. We still need to store the updated queue settings in that case, and
apply them later.
Move the location of the queue params to within struct mt7996_vif_link.

Fixes: c0df2f0caa8d ("wifi: mt76: mt7996: prepare mt7996_mcu_set_tx for MLO support")
Acked-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://patch.msgid.link/20250929111723.52486-1-nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Felix Fietkau 79277f8a a8e5a110

+13 -5
+3 -3
drivers/net/wireless/mediatek/mt76/mt7996/main.c
··· 665 665 unsigned int link_id, u16 queue, 666 666 const struct ieee80211_tx_queue_params *params) 667 667 { 668 - struct mt7996_dev *dev = mt7996_hw_dev(hw); 669 - struct mt7996_vif_link *mlink = mt7996_vif_link(dev, vif, link_id); 668 + struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv; 669 + struct mt7996_vif_link_info *link_info = &mvif->link_info[link_id]; 670 670 static const u8 mq_to_aci[] = { 671 671 [IEEE80211_AC_VO] = 3, 672 672 [IEEE80211_AC_VI] = 2, ··· 675 675 }; 676 676 677 677 /* firmware uses access class index */ 678 - mlink->queue_params[mq_to_aci[queue]] = *params; 678 + link_info->queue_params[mq_to_aci[queue]] = *params; 679 679 /* no need to update right away, we'll get BSS_CHANGED_QOS */ 680 680 681 681 return 0;
+4 -1
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c
··· 3414 3414 #define WMM_PARAM_SET (WMM_AIFS_SET | WMM_CW_MIN_SET | \ 3415 3415 WMM_CW_MAX_SET | WMM_TXOP_SET) 3416 3416 struct mt7996_vif_link *link = mt7996_vif_conf_link(dev, vif, link_conf); 3417 + struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv; 3418 + unsigned int link_id = link_conf->link_id; 3419 + struct mt7996_vif_link_info *link_info = &mvif->link_info[link_id]; 3417 3420 struct { 3418 3421 u8 bss_idx; 3419 3422 u8 __rsv[3]; ··· 3434 3431 skb_put_data(skb, &hdr, sizeof(hdr)); 3435 3432 3436 3433 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 3437 - struct ieee80211_tx_queue_params *q = &link->queue_params[ac]; 3434 + struct ieee80211_tx_queue_params *q = &link_info->queue_params[ac]; 3438 3435 struct edca *e; 3439 3436 struct tlv *tlv; 3440 3437
+6 -1
drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h
··· 253 253 struct mt7996_sta_link msta_link; 254 254 struct mt7996_phy *phy; 255 255 256 - struct ieee80211_tx_queue_params queue_params[IEEE80211_NUM_ACS]; 257 256 struct cfg80211_bitrate_mask bitrate_mask; 258 257 259 258 u8 mld_idx; 260 259 }; 261 260 261 + struct mt7996_vif_link_info { 262 + struct ieee80211_tx_queue_params queue_params[IEEE80211_NUM_ACS]; 263 + }; 264 + 262 265 struct mt7996_vif { 263 266 struct mt7996_vif_link deflink; /* must be first */ 264 267 struct mt76_vif_data mt76; 268 + 269 + struct mt7996_vif_link_info link_info[IEEE80211_MLD_MAX_NUM_LINKS]; 265 270 266 271 u8 mld_group_idx; 267 272 u8 mld_remap_idx;