wifi: mt76: mt7925: add NULL checks in MLO link and chanctx functions #1032
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add NULL pointer checks for mconf and link_conf in several functions that were missing validation after calling mt792x_vif_to_link() and mt792x_vif_to_bss_conf(). Functions fixed: - mt7925_mac_set_links(): Check both primary and secondary link_conf before dereferencing chanreq.oper for band selection - mt7925_link_info_changed(): Check mconf before using it to get link_conf, prevents NULL dereference chain - mt7925_assign_vif_chanctx(): Check mconf before use, return -EINVAL if NULL; check pri_link_conf before passing to MCU function - mt7925_unassign_vif_chanctx(): Check mconf before dereferencing, return early if NULL during MLO cleanup These functions handle MLO (Multi-Link Operation) scenarios where link configurations may not be fully set up when called, particularly during rapid link state transitions or error recovery paths. Reported-by: Zac Bowling <zac@zacbowling.com> Signed-off-by: Zac Bowling <zac@zacbowling.com>
This was referenced Jan 1, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds NULL pointer checks in MLO link selection and channel context functions.
Problem
Several functions in the MT7925 driver call
mt792x_vif_to_link()andmt792x_vif_to_bss_conf()without checking for NULL return values beforedereferencing. This can cause kernel panics during rapid MLO state transitions.
Functions Fixed
mt7925_mac_set_links(): Check both primary and secondarylink_confbefore dereferencing
chanreq.operfor band selectionmt7925_link_info_changed(): Checkmconfbefore using it to getlink_conf, prevents NULL dereference chainmt7925_assign_vif_chanctx(): Checkmconfbefore use, return -EINVALif NULL; check
pri_link_confbefore passing to MCU functionmt7925_unassign_vif_chanctx(): Checkmconfbefore dereferencing,return early if NULL during MLO cleanup
Testing
Tested on Framework Desktop (AMD Ryzen AI Max 300 Series) with MT7925 WiFi.
Related PRs