Move dereference to retrieve fw_id member of the link to after the link is NULL checked.
Fixes: 77e67d5daaf1 ("wifi: iwlwifi: fix potential use after free in iwl_mld_remove_link()")
Signed-off-by: Rory Little
---
 drivers/net/wireless/intel/iwlwifi/mld/link.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mld/link.c b/drivers/net/wireless/intel/iwlwifi/mld/link.c
index d89840a1152b..13102753b36c 100644
--- a/drivers/net/wireless/intel/iwlwifi/mld/link.c
+++ b/drivers/net/wireless/intel/iwlwifi/mld/link.c
@@ -504,11 +504,13 @@ void iwl_mld_remove_link(struct iwl_mld *mld,
 struct iwl_mld_vif *mld_vif = iwl_mld_vif_from_mac80211(bss_conf->vif);
 struct iwl_mld_link *link = iwl_mld_link_from_mac80211(bss_conf);
 bool is_deflink = link == &mld_vif->deflink;
- u8 fw_id = link->fw_id;
+ u8 fw_id;
 if (WARN_ON(!link || link->active))
 return;
+ fw_id = link->fw_id;
+
 iwl_mld_rm_link_from_fw(mld, bss_conf);
 /* Continue cleanup on failure */
--
2.49.0
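Review bot: The added `fw_id = link->fw_id;` has no comment saying why the read sits at this exact point, so a later tidy-up could fold it back into the declaration and put the dereference ahead of `WARN_ON(!link || link->active)` again. Going by the subject of the commit named in Fixes:, the local presumably exists because the link can be freed further down the function, which is worth recording as well. I would put `/* read only after the NULL check; cached because link may be freed below */` above the assignment. The body of iwl_mld_remove_link() starts and ends outside this hunk, so the later uses of fw_id should be checked against the full function to confirm none of them goes back to `link->fw_id`.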