mt76: fix a possible NULL pointer dereference in mt76_testmode_dump

Fix a possible NULL pointer dereference in mt76_testmode_dump() since
nla_nest_start returns NULL in case of error

Fixes: f0efa8621550e ("mt76: add API for testmode support")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/drivers/net/wireless/mediatek/mt76/testmode.c b/drivers/net/wireless/mediatek/mt76/testmode.c
index 75bb02c..5bd6ac1 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/testmode.c
+++ b/drivers/net/wireless/mediatek/mt76/testmode.c
@@ -442,9 +442,13 @@ int mt76_testmode_dump(struct ieee80211_hw *hw, struct sk_buff *msg,
        mutex_lock(&dev->mutex);
 
        if (tb[MT76_TM_ATTR_STATS]) {
+               err = -EINVAL;
+
                a = nla_nest_start(msg, MT76_TM_ATTR_STATS);
-               err = mt76_testmode_dump_stats(dev, msg);
-               nla_nest_end(msg, a);
+               if (a) {
+                       err = mt76_testmode_dump_stats(dev, msg);
+                       nla_nest_end(msg, a);
+               }
 
                goto out;
        }