wifi: mt76: mt7996: add missing check for rx wcid entries

Non-station wcid entries must not be passed to the rx functions.
In case of the global wcid entry, it could even lead to corruption in the wcid
array due to pointer being casted to struct mt7996_sta_link using container_of.

Fixes: 7464b12b7d92 ("wifi: mt76: mt7996: rework mt7996_rx_get_wcid to support MLO")
Link: https://patch.msgid.link/20250827085352.51636-3-nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mac.c b/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
index 837deb41ae13115fbe4c8c8ff881a4b98c294092..b3fcca9bbb95899ee6f994cfdf293da7889ab0ae 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
@@ -62,7 +62,7 @@ static struct mt76_wcid *mt7996_rx_get_wcid(struct mt7996_dev *dev,
        int i;
 
        wcid = mt76_wcid_ptr(dev, idx);
-       if (!wcid)
+       if (!wcid || !wcid->sta)
                return NULL;
 
        if (!mt7996_band_valid(dev, band_idx))