iwlwifi: mvm: BT Coex fix another NULL pointer dereference

This patch is very similar to a previous fix: 22cba0c0852f

When we disassociate, mac80211 removes the station and
then, it sets the bss it unsets the assoc bool in bss_info.

Since the firwmware wants it the opposite (first set the
MAC context as unassoc, and only then, remove the STA of
the API), we have a small period of time in which the STA
in firmware doesn't have a valid ieee80211_sta pointer.
During that time, iwl_mvm_vif->ap_sta_id, is still set
to the STA in firmware that represent the AP.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>

1 files changed, 5 insertions, 0 deletions

diff --git a/drivers/net/wireless/iwlwifi/mvm/bt-coex.c b/drivers/net/wireless/iwlwifi/mvm/bt-coex.c
index b647147eb4a7..75b72a956552 100644
--- a/drivers/net/wireless/iwlwifi/mvm/bt-coex.c
+++ b/drivers/net/wireless/iwlwifi/mvm/bt-coex.c
@@ -841,6 +841,11 @@ static void iwl_mvm_bt_rssi_iterator(void *_data, u8 *mac,
 
         sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[mvmvif->ap_sta_id],
                                         lockdep_is_held(&mvm->mutex));
+
+        /* This can happen if the station has been removed right now */
+        if (IS_ERR_OR_NULL(sta))
+                return;
+
         mvmsta = (void *)sta->drv_priv;
 
         data->num_bss_ifaces++;