Commit f7217f71 authored by Lorenzo Bianconi's avatar Lorenzo Bianconi Committed by Kalle Valo
Browse files

mt76: mt76s: fix NULL pointer dereference in mt76s_process_tx_queue 



Fix a possible NULL pointer dereference in mt76s_process_tx_queue that
can occur if status thread runs before allocating tx queues

Fixes: 6a618acb ("mt76: sdio: convert {status/net}_work to mt76_worker")
Signed-off-by: default avatarLorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/b49c1b4edacd87b2241a9fd0431dd4864c8963f6.1607418933.git.lorenzo@kernel.org
parent 123bb2b7

drivers/net/wireless/mediatek/mt76/sdio.c

+5 −1
Original line number Diff line number Diff line
@@ -157,10 +157,14 @@ static void mt76s_net_worker(struct mt76_worker *w) 


static int mt76s_process_tx_queue(struct mt76_dev *dev, struct mt76_queue *q)

{

	bool mcu = q == dev->q_mcu[MT_MCUQ_WM];

	struct mt76_queue_entry entry;

	int nframes = 0;

	bool mcu;



	if (!q)

		return 0;



	mcu = q == dev->q_mcu[MT_MCUQ_WM];

	while (q->queued > 0) {

		if (!q->entry[q->tail].done)

			break;