diff mbox

[1/2] mt76: fix possible NULL pointer dereferencing in mt76x2_ampdu_action()

Message ID 18a56326d68a7d53f3197e450cae0e28382d8d2c.1513252573.git.lorenzo.bianconi@redhat.com (mailing list archive)
State Accepted
Commit 99ac5327e902a56ca21365ed3d6e5249fe296ba6
Delegated to: Kalle Valo
Headers show

Commit Message

Lorenzo Bianconi Dec. 14, 2017, 12:03 p.m. UTC 
Initialize mt76_txq pointer after ieee80211_txq pointer check.
Remove space after the pointer cast

Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
 drivers/net/wireless/mediatek/mt76/mt76x2_main.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Kalle Valo Jan. 8, 2018, 5:35 p.m. UTC | #1 
Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote:

> Initialize mt76_txq pointer after ieee80211_txq pointer check.
> Remove space after the pointer cast
> 
> Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e")
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>

What am I supposed to do with this and patch 2? Drop?
Lorenzo Bianconi Jan. 8, 2018, 5:44 p.m. UTC | #2 
> Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote:
>
>> Initialize mt76_txq pointer after ieee80211_txq pointer check.
>> Remove space after the pointer cast
>>
>> Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e")
>> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
>
> What am I supposed to do with this and patch 2? Drop?

Hi Kalle,

What do you mean? Why drop?

Regards,
Lorenzo

>
> --
> https://patchwork.kernel.org/patch/10111937/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
>
Kalle Valo Jan. 8, 2018, 6:16 p.m. UTC | #3 
Lorenzo Bianconi <lorenzo.bianconi@redhat.com> writes:

>> Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote:
>>
>>> Initialize mt76_txq pointer after ieee80211_txq pointer check.
>>> Remove space after the pointer cast
>>>
>>> Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e")
>>> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
>>
>> What am I supposed to do with this and patch 2? Drop?
>
> What do you mean? Why drop?

I didn't see Felix's ack, at least not on patchwork.
Lorenzo Bianconi Jan. 8, 2018, 6:30 p.m. UTC | #4 
> Lorenzo Bianconi <lorenzo.bianconi@redhat.com> writes:
>
>>> Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote:
>>>
>>>> Initialize mt76_txq pointer after ieee80211_txq pointer check.
>>>> Remove space after the pointer cast
>>>>
>>>> Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e")
>>>> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
>>>
>>> What am I supposed to do with this and patch 2? Drop?
>>
>> What do you mean? Why drop?
>
> I didn't see Felix's ack, at least not on patchwork.
>
> --
> Kalle Valo

They should be fine since he merged them in mt76 github repo:
- https://github.com/openwrt/mt76/commit/ca5ca8c779932e7cab3224053377b29f139904b9
- https://github.com/openwrt/mt76/commit/2d4b8f57cc5e3101d45785ae9a9f1eb6fc229de9

Anyway we can wait for him, up to you.
Regards,

Lorenzo
Felix Fietkau Jan. 17, 2018, 10:26 a.m. UTC | #5 
On 2018-01-08 19:16, Kalle Valo wrote:
> Lorenzo Bianconi <lorenzo.bianconi@redhat.com> writes:
> 
>>> Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote:
>>>
>>>> Initialize mt76_txq pointer after ieee80211_txq pointer check.
>>>> Remove space after the pointer cast
>>>>
>>>> Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e")
>>>> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
>>>
>>> What am I supposed to do with this and patch 2? Drop?
>>
>> What do you mean? Why drop?
> 
> I didn't see Felix's ack, at least not on patchwork.
I sent my ack (for both patches) as a reply to 0/2
These patches should go in.

- Felix
Kalle Valo Jan. 17, 2018, 2:50 p.m. UTC | #6 
Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote:

> Initialize mt76_txq pointer after ieee80211_txq pointer check.
> Remove space after the pointer cast
> 
> Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e")
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>

2 patches applied to wireless-drivers-next.git, thanks.

99ac5327e902 mt76: fix possible NULL pointer dereferencing in mt76x2_ampdu_action()
98051872fd25 mt76: fix possible NULL pointer dereferencing in mt76x2_mac_write_txwi()
Kalle Valo Jan. 17, 2018, 2:50 p.m. UTC | #7 
Felix Fietkau <nbd@nbd.name> writes:

> On 2018-01-08 19:16, Kalle Valo wrote:
>> Lorenzo Bianconi <lorenzo.bianconi@redhat.com> writes:
>> 
>>>> Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote:
>>>>
>>>>> Initialize mt76_txq pointer after ieee80211_txq pointer check.
>>>>> Remove space after the pointer cast
>>>>>
>>>>> Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e")
>>>>> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
>>>>
>>>> What am I supposed to do with this and patch 2? Drop?
>>>
>>> What do you mean? Why drop?
>> 
>> I didn't see Felix's ack, at least not on patchwork.
>
> I sent my ack (for both patches) as a reply to 0/2

Ah. patchwork is annoying as it doesn't show the cover letter at all so
I missed that.

> These patches should go in.

These two are applied now.
Sven Eckelmann Jan. 17, 2018, 3:56 p.m. UTC | #8 
On Mittwoch, 17. Januar 2018 16:50:23 CET Kalle Valo wrote:
[...]
> >> I didn't see Felix's ack, at least not on patchwork.
> >
> > I sent my ack (for both patches) as a reply to 0/2
> 
> Ah. patchwork is annoying as it doesn't show the cover letter at all so
> I missed that.

Newer version at least can track the series and their cover letters. This is 
not completely what you want but at least there is hope. Here is an example: 
https://patchwork.open-mesh.org/cover/17240/ (you can use "Related" to see all 
the patches in the series).

Kind regards,
	Sven
Kalle Valo Jan. 23, 2018, 5:14 a.m. UTC | #9 
Sven Eckelmann <sven@narfation.org> writes:

> On Mittwoch, 17. Januar 2018 16:50:23 CET Kalle Valo wrote:
> [...]
>> >> I didn't see Felix's ack, at least not on patchwork.
>> >
>> > I sent my ack (for both patches) as a reply to 0/2
>> 
>> Ah. patchwork is annoying as it doesn't show the cover letter at all so
>> I missed that.
>
> Newer version at least can track the series and their cover letters. This is 
> not completely what you want but at least there is hope. Here is an example: 
> https://patchwork.open-mesh.org/cover/17240/ (you can use "Related" to see all 
> the patches in the series).

Nice, looking forward to see that version in patchwork.kernel.org. My
ultimate goal is that I could doo all my maintenance work via my
patchwork script and not touch my email client at all. That's getting
closer.
diff mbox

Patch

diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2_main.c b/drivers/net/wireless/mediatek/mt76/mt76x2_main.c
index 2cef48edb275..33469e32567b 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x2_main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x2_main.c
@@ -450,13 +450,15 @@  mt76x2_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
 	struct mt76x2_dev *dev = hw->priv;
 	struct mt76x2_sta *msta = (struct mt76x2_sta *) sta->drv_priv;
 	struct ieee80211_txq *txq = sta->txq[params->tid];
-	struct mt76_txq *mtxq = (struct mt76_txq *) txq->drv_priv;
 	u16 tid = params->tid;
 	u16 *ssn = &params->ssn;
+	struct mt76_txq *mtxq;
 
 	if (!txq)
 		return -EINVAL;
 
+	mtxq = (struct mt76_txq *)txq->drv_priv;
+
 	switch (action) {
 	case IEEE80211_AMPDU_RX_START:
 		mt76_set(dev, MT_WCID_ADDR(msta->wcid.idx) + 4, BIT(16 + tid));