projects / linux-2.6-microblaze.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
mt76: fix use-after-free by removing a non-RCU wcid pointer
[linux-2.6-microblaze.git] / drivers / net / wireless / mediatek / mt76 / mt7603 / main.c
diff --git a/drivers/net/wireless/mediatek/mt76/mt7603/main.c b/drivers/net/wireless/mediatek/mt76/mt7603/main.c
index 83c5eec..1d098e9 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt7603/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7603/main.c
@@ -75,7 +75,7 @@ mt7603_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
        mt7603_wtbl_init(dev, idx, mvif->idx, bc_addr);
 
        mtxq = (struct mt76_txq *)vif->txq->drv_priv;
-       mtxq->wcid = &mvif->sta.wcid;
+       mtxq->wcid = idx;
        rcu_assign_pointer(dev->mt76.wcid[idx], &mvif->sta.wcid);
 
 out:
MicroBlaze GIT Repository