From 614eb48315f1d51075cd7728238916b2637af2a9 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Mon, 18 Jul 2022 09:14:30 +0200
Subject: [PATCH] wifi: mac80211: fix NULL pointer deref with non-MLD STA

If we have a non-MLD STA on an AP MLD, we crash while
adding the station. Fix that, in this case we need to
use the STA's address also on the link data structure.

Fixes: 726d9dd23090 ("wifi: mac80211: fix up link station creation/insertion")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/mac80211/cfg.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index fe6500b36953e..b0fdfc61b2f9d 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1854,10 +1854,15 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
 	    !sdata->u.mgd.associated)
 		return -EINVAL;
 
+	/*
+	 * If we have a link ID, it can be a non-MLO station on an AP MLD,
+	 * but we need to have a link_mac in that case as well, so use the
+	 * STA's MAC address in that case.
+	 */
 	if (params->link_sta_params.link_id >= 0)
 		sta = sta_info_alloc_with_link(sdata, mac,
 					       params->link_sta_params.link_id,
-					       params->link_sta_params.link_mac,
+					       params->link_sta_params.link_mac ?: mac,
 					       GFP_KERNEL);
 	else
 		sta = sta_info_alloc(sdata, mac, GFP_KERNEL);
-- 
2.39.5