From patchwork Thu Dec 14 12:03:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 10111937 X-Patchwork-Delegate: kvalo@adurom.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0ADB16019C for ; Thu, 14 Dec 2017 12:03:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EF84529BF8 for ; Thu, 14 Dec 2017 12:03:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E435829C27; Thu, 14 Dec 2017 12:03:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7F44929BF8 for ; Thu, 14 Dec 2017 12:03:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752023AbdLNMDi (ORCPT ); Thu, 14 Dec 2017 07:03:38 -0500 Received: from mail-wm0-f66.google.com ([74.125.82.66]:40482 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751799AbdLNMDh (ORCPT ); Thu, 14 Dec 2017 07:03:37 -0500 Received: by mail-wm0-f66.google.com with SMTP id f206so10884439wmf.5 for ; Thu, 14 Dec 2017 04:03:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=63QhRGG7taoYiRxE32sFODKHAkqHOfC0F05Y3aV6DIo=; b=CTzf/an154gYXKtv5j6+q4qWNrzG9TBrneHgp2ExCTG+g4EfVLSH+SmFWI4BD+5Z38 0r60b0wjRYN9A7NC9w95R4QALhfhMBhUjaLlpbYecY7vfA+zhQnYrs/54xkK/8ThWXXN tTwGq+T3MaQGW49oBAwzLGqTeVSZJNW0UvJiKE/vKSienjXwzhdSHg9lsmK1gvNCaGYO SCBy9CXp2muDO3s36lhEB2IzifjlcA7Fl89iHVZebyZ8yrZkHoPP5jwQMSxPkaVNNl4Z wDgA3U3Bgm8HRTr+t7x2jtJijLDJ2+zZNDOwUJ8uDdI+TRhPmHoO7nVj6ELGCE/NnFdz N2dQ== X-Gm-Message-State: AKGB3mIp3eAXNH+/Xx2l04an2DgDyM3Tb/vwCVEZgR9pahXEu8xys5Jd NumAP7OyW0z84njuKpAiQ7sVG7NqVAs= X-Google-Smtp-Source: ACJfBot0/HwlZtxEmOi6oG1jzKwI/0mKVJSI1amxa5UWk7a6hZTodnLA9h8vJK1s/2FBg4JE71GSbw== X-Received: by 10.80.171.89 with SMTP id t25mr11855951edc.224.1513253016880; Thu, 14 Dec 2017 04:03:36 -0800 (PST) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id p93sm3243247edp.14.2017.12.14.04.03.36 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 14 Dec 2017 04:03:36 -0800 (PST) From: Lorenzo Bianconi To: nbd@nbd.name Cc: dan.carpenter@oracle.com, linux-wireless@vger.kernel.org Subject: [PATCH 1/2] mt76: fix possible NULL pointer dereferencing in mt76x2_ampdu_action() Date: Thu, 14 Dec 2017 13:03:16 +0100 Message-Id: <18a56326d68a7d53f3197e450cae0e28382d8d2c.1513252573.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: References: Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Initialize mt76_txq pointer after ieee80211_txq pointer check. Remove space after the pointer cast Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e") Signed-off-by: Lorenzo Bianconi --- drivers/net/wireless/mediatek/mt76/mt76x2_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2_main.c b/drivers/net/wireless/mediatek/mt76/mt76x2_main.c index 2cef48edb275..33469e32567b 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76x2_main.c +++ b/drivers/net/wireless/mediatek/mt76/mt76x2_main.c @@ -450,13 +450,15 @@ mt76x2_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct mt76x2_dev *dev = hw->priv; struct mt76x2_sta *msta = (struct mt76x2_sta *) sta->drv_priv; struct ieee80211_txq *txq = sta->txq[params->tid]; - struct mt76_txq *mtxq = (struct mt76_txq *) txq->drv_priv; u16 tid = params->tid; u16 *ssn = ¶ms->ssn; + struct mt76_txq *mtxq; if (!txq) return -EINVAL; + mtxq = (struct mt76_txq *)txq->drv_priv; + switch (action) { case IEEE80211_AMPDU_RX_START: mt76_set(dev, MT_WCID_ADDR(msta->wcid.idx) + 4, BIT(16 + tid));