Re: [PATCH] wifi: mt76: mt7915: guard HE capability lookups
From: Lorenzo Bianconi
Date: Sun Jun 21 2026 - 09:34:34 EST
> mt7915_mcu_bss_he_tlv() and mt7915_mcu_sta_bfer_tlv() both run after
> checking HE support, then dereference the HE PHY capability returned by
> mt76_connac_get_he_phy_cap(). That helper can return NULL when no
> capability entry matches the vif type.
>
> Fetch the capability before appending the TLV and skip the HE-specific
> setup when no matching capability is available.
Acked-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
>
> Fixes: e6d557a78b60 ("mt76: mt7915: rely on mt76_connac_get_phy utilities")
> Signed-off-by: Ruoyu Wang <ruoyuw560@xxxxxxxxx>
> ---
> .../net/wireless/mediatek/mt76/mt7915/mcu.c | 18 +++++++++++++-----
> 1 file changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
> index 318c38149463..391c91675130 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
> +++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
> @@ -595,6 +595,8 @@ mt7915_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
> struct tlv *tlv;
>
> cap = mt76_connac_get_he_phy_cap(phy->mt76, vif);
> + if (!cap)
> + return;
>
> tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_HE_BASIC, sizeof(*he));
>
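Review bot: The new `if (!cap) return;` in mt7915_mcu_bss_he_tlv() drops the BSS_INFO_HE_BASIC TLV without leaving any trace. Per the commit message this function only runs after HE support has been checked, so a NULL here means no HE capability entry matches the vif type. A one-line comment such as `/* no HE PHY cap for this vif type: skip the HE TLV instead of dereferencing NULL */` would record that. A once-only warning would also make the mismatch visible when debugging, though whether that is wanted depends on how often the case occurs, which the hunk does not show. The function body starts and ends outside the hunk.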
> @@ -1177,13 +1179,12 @@ mt7915_mcu_sta_bfer_vht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
> }
>
> static void
> -mt7915_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
> - struct mt7915_phy *phy, struct sta_rec_bf *bf)
> +mt7915_mcu_sta_bfer_he(struct ieee80211_sta *sta,
> + const struct ieee80211_sta_he_cap *vc,
> + struct sta_rec_bf *bf)
> {
> struct ieee80211_sta_he_cap *pc = &sta->deflink.he_cap;
> struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
> - const struct ieee80211_sta_he_cap *vc =
> - mt76_connac_get_he_phy_cap(phy->mt76, vif);
> const struct ieee80211_he_cap_elem *ve = &vc->he_cap_elem;
> u16 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80);
> u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
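Review bot: mt7915_mcu_sta_bfer_he() now receives `vc` from its caller and uses it straight away in `&vc->he_cap_elem`, so it relies on the caller having rejected NULL, and nothing at the definition says so. A short comment above the function, e.g. `/* vc must be non-NULL; the caller checks mt76_connac_get_he_phy_cap() */`, would keep a future call site from reintroducing the NULL dereference this patch removes. The function body continues past the end of the hunk.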
> @@ -1242,6 +1243,7 @@ mt7915_mcu_sta_bfer_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
> {
> struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
> struct mt7915_phy *phy = mvif->phy;
> + const struct ieee80211_sta_he_cap *vc = NULL;
> int tx_ant = hweight8(phy->mt76->chainmask) - 1;
> struct sta_rec_bf *bf;
> struct tlv *tlv;
> @@ -1260,6 +1262,12 @@ mt7915_mcu_sta_bfer_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
> if (!ebf && !dev->ibf)
> return;
>
> + if (sta->deflink.he_cap.has_he && ebf) {
> + vc = mt76_connac_get_he_phy_cap(phy->mt76, vif);
> + if (!vc)
> + return;
> + }
> +
> tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BF, sizeof(*bf));
> bf = (struct sta_rec_bf *)tlv;
>
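Review bot: The condition `sta->deflink.he_cap.has_he && ebf` is now written twice, once in this guard and again at the branch that calls mt7915_mcu_sta_bfer_he() in the last hunk, and the NULL safety of `vc` depends on the two staying identical. Since `vc` is initialised to NULL and assigned only inside this guard, the later branch could test the pointer directly with `if (vc)`, which behaves the same and ties the call to the check. The early `return` also skips the whole STA_REC_BF TLV rather than falling through to the VHT/HT branches; if that is intended, a brief comment at the `return` would say so. mt7915_mcu_sta_bfer_tlv() starts and ends outside the hunk.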
> @@ -1268,7 +1276,7 @@ mt7915_mcu_sta_bfer_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
> * ht: iBF only, since mac80211 lacks of eBF support
> */
> if (sta->deflink.he_cap.has_he && ebf)
> - mt7915_mcu_sta_bfer_he(sta, vif, phy, bf);
> + mt7915_mcu_sta_bfer_he(sta, vc, bf);
> else if (sta->deflink.vht_cap.vht_supported)
> mt7915_mcu_sta_bfer_vht(sta, phy, bf, ebf);
> else if (sta->deflink.ht_cap.ht_supported)