From: Dongliang Mu
To: Toke Høiland-Jørgensen, Kalle Valo, Sujith Manoharan, "John W. Linville"
Cc: hust-os-kernel-patches@googlegroups.com, Dongliang Mu, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] ath9k: fix null-ptr-deref in ath_chanctx_event
Date: Fri, 1 Sep 2023 16:07:00 +0800
Message-Id: <20230901080701.1705649-1-dzm91@hust.edu.cn>

Smatch reports:

ath_chanctx_event() error: we previously assumed 'vif' could be null

The function ath_chanctx_event can be called with vif argument as NULL. If vif is NULL, ath_dbg can trigger a null pointer dereference.

Fix this by adding a null pointer check.

Fixes: 878066e745b5 ("ath9k: Add more debug statements for channel context")
Signed-off-by: Dongliang Mu
--- drivers/net/wireless/ath/ath9k/channel.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath9k/channel.c b/drivers/net/wireless/ath/ath9k/channel.c index 571062f2e82a..e343c8962d14 100644 --- a/drivers/net/wireless/ath/ath9k/channel.c +++ b/drivers/net/wireless/ath/ath9k/channel.c @@ -576,7 +576,9 @@ void ath_chanctx_event(struct ath_softc *sc, struct ieee80211_vif *vif, if (sc->sched.state != ATH_CHANCTX_STATE_WAIT_FOR_BEACON) break; - ath_dbg(common, CHAN_CTX, "Preparing beacon for vif: %pM\n", vif->addr); + if (vif) + ath_dbg(common, CHAN_CTX, + "Preparing beacon for vif: %pM\n", vif->addr); sc->sched.beacon_pending = true; sc->sched.next_tbtt = REG_READ(ah, AR_NEXT_TBTT_TIMER); -- 2.39.2
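
Review bot: the new `if (vif)` guards only the ath_dbg() call in this case of ath_chanctx_event(), so with a NULL vif the code still goes on to set sc->sched.beacon_pending and read AR_NEXT_TBTT_TIMER. The commit message says the function can be called with vif as NULL but does not name a call path that reaches this branch, past the ATH_CHANCTX_STATE_WAIT_FOR_BEACON check, with a NULL vif. Please name that path in the commit message, or state that this is a Smatch finding with no known runtime trigger so that the "null-ptr-deref" subject and the Fixes: tag can be judged accordingly. If a NULL vif is reachable here, also say whether continuing with beacon preparation is intended rather than breaking out of the case early; the rest of the case lies outside the visible context, so any later use of vif needs the same look.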