diff --git a/mt7925/main.c b/mt7925/main.c index 307850a58..9900bd77b 100644 --- a/mt7925/main.c +++ b/mt7925/main.c @@ -604,6 +604,10 @@ static int mt7925_set_link_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, link_sta = sta ? mt792x_sta_to_link_sta(vif, sta, link_id) : NULL; mconf = mt792x_vif_to_link(mvif, link_id); mlink = mt792x_sta_to_link(msta, link_id); + + if (!link_conf || !mconf || !mlink) + return -EINVAL; + wcid = &mlink->wcid; wcid_keyidx = &wcid->hw_key_idx; @@ -887,6 +891,8 @@ static int mt7925_mac_link_sta_add(struct mt76_dev *mdev, MT_WTBL_UPDATE_ADM_COUNT_CLEAR); link_conf = mt792x_vif_to_bss_conf(vif, link_id); + if (!link_conf) + return -EINVAL; /* should update bss info before STA add */ if (vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) { @@ -1032,6 +1038,8 @@ static void mt7925_mac_link_sta_assoc(struct mt76_dev *mdev, msta = (struct mt792x_sta *)link_sta->sta->drv_priv; mlink = mt792x_sta_to_link(msta, link_sta->link_id); + if (!mlink) + return; mt792x_mutex_acquire(dev); @@ -1041,12 +1049,13 @@ static void mt7925_mac_link_sta_assoc(struct mt76_dev *mdev, link_conf = mt792x_vif_to_bss_conf(vif, vif->bss_conf.link_id); } - if (vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) { + if (link_conf && vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) { struct mt792x_bss_conf *mconf; mconf = mt792x_link_conf_to_mconf(link_conf); - mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx, - link_conf, link_sta, true); + if (mconf) + mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx, + link_conf, link_sta, true); } ewma_avg_signal_init(&mlink->avg_ack_signal); @@ -1093,6 +1102,8 @@ static void mt7925_mac_link_sta_remove(struct mt76_dev *mdev, msta = (struct mt792x_sta *)link_sta->sta->drv_priv; mlink = mt792x_sta_to_link(msta, link_id); + if (!mlink) + return; mt7925_roc_abort_sync(dev); @@ -1106,10 +1117,12 @@ static void mt7925_mac_link_sta_remove(struct mt76_dev *mdev, link_conf = mt792x_vif_to_bss_conf(vif, link_id); - if (vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) { + if (link_conf && vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) { struct mt792x_bss_conf *mconf; mconf = mt792x_link_conf_to_mconf(link_conf); + if (!mconf) + goto out; if (ieee80211_vif_is_mld(vif)) mt792x_mac_link_bss_remove(dev, mconf, mlink); @@ -1117,6 +1130,7 @@ static void mt7925_mac_link_sta_remove(struct mt76_dev *mdev, mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx, link_conf, link_sta, false); } +out: spin_lock_bh(&mdev->sta_poll_lock); if (!list_empty(&mlink->wcid.poll_list)) @@ -2021,6 +2035,11 @@ mt7925_change_vif_links(struct ieee80211_hw *hw, struct ieee80211_vif *vif, mlink = mlinks[link_id]; link_conf = mt792x_vif_to_bss_conf(vif, link_id); + if (!link_conf) { + err = -EINVAL; + goto free; + } + rcu_assign_pointer(mvif->link_conf[link_id], mconf); rcu_assign_pointer(mvif->sta.link[link_id], mlink); diff --git a/mt7925/mcu.c b/mt7925/mcu.c index bd38807e4..11acdf1bd 100644 --- a/mt7925/mcu.c +++ b/mt7925/mcu.c @@ -1773,6 +1773,10 @@ mt7925_mcu_sta_phy_tlv(struct sk_buff *skb, link_conf = mt792x_vif_to_bss_conf(vif, link_sta->link_id); mconf = mt792x_vif_to_link(mvif, link_sta->link_id); + + if (!link_conf || !mconf) + return; + chandef = mconf->mt76.ctx ? &mconf->mt76.ctx->def : &link_conf->chanreq.oper; @@ -1851,6 +1855,10 @@ mt7925_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb, link_conf = mt792x_vif_to_bss_conf(vif, link_sta->link_id); mconf = mt792x_vif_to_link(mvif, link_sta->link_id); + + if (!link_conf || !mconf) + return; + chandef = mconf->mt76.ctx ? &mconf->mt76.ctx->def : &link_conf->chanreq.oper; band = chandef->chan->band;