iwlwifi: mvm: don't crash on invalid rate w/o STA

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If we get to the WARN_ONCE(..., "Got a HT rate (...)", ...)
here with a NULL sta, then we crash because mvmsta is bad
and we try to dereference it. Fix that by printing -1 as the
state if no station was given.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fixes: 6761a718263a ("iwlwifi: mvm: add explicit check for non-data frames in get Tx rate")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/iwlwifi.20211203140410.1a1541d7dcb5.I606c746e11447fe168cf046376b70b04e278c3b4@changeid

authored by

Johannes Berg and committed by

Kalle Valo 4 years ago d599f714 06d59d62

+3 -2

1 changed file

expand all

drivers

net

wireless

intel

iwlwifi

mvm

tx.c

+3 -2

drivers/net/wireless/intel/iwlwifi/mvm/tx.c

··· 269 269 u8 rate_plcp; 270 270 u32 rate_flags = 0; 271 271 bool is_cck; 272 - struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 273 272 274 273 /* info->control is only relevant for non HW rate control */ 275 274 if (!ieee80211_hw_check(mvm->hw, HAS_RATE_CONTROL)) { 275 + struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 276 + 276 277 /* HT rate doesn't make sense for a non data frame */ 277 278 WARN_ONCE(info->control.rates[0].flags & IEEE80211_TX_RC_MCS && 278 279 !ieee80211_is_data(fc), 279 280 "Got a HT rate (flags:0x%x/mcs:%d/fc:0x%x/state:%d) for a non data frame\n", 280 281 info->control.rates[0].flags, 281 282 info->control.rates[0].idx, 282 - le16_to_cpu(fc), mvmsta->sta_state); 283 + le16_to_cpu(fc), sta ? mvmsta->sta_state : -1); 283 284 284 285 rate_idx = info->control.rates[0].idx; 285 286 }