[PATCH 5.9 318/757] mt76: mt7615: fix possible memory leak in mt7615_tm_set_tx_power
From: Greg Kroah-Hartman
Date: Tue Oct 27 2020 - 12:26:44 EST
From: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
[ Upstream commit e862825dcf74203c5ab60335c341766808f47507 ]
Fix a memory leak in mt7615_tm_set_tx_power routine if
mt7615_eeprom_get_target_power_index fails.
Moreover do not account req_header twice in mcu skb allocation.
Fixes: 4f0bce1c88882 ("mt76: mt7615: implement testmode support")
Signed-off-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
Signed-off-by: Felix Fietkau <nbd@xxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/net/wireless/mediatek/mt76/mt7615/testmode.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/testmode.c b/drivers/net/wireless/mediatek/mt76/mt7615/testmode.c
index 1730751133aa2..2cfa58d49832f 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/testmode.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/testmode.c
@@ -70,7 +70,7 @@ mt7615_tm_set_tx_power(struct mt7615_phy *phy)
if (dev->mt76.test.state != MT76_TM_STATE_OFF)
tx_power = dev->mt76.test.tx_power;
- len = sizeof(req_hdr) + MT7615_EE_MAX - MT_EE_NIC_CONF_0;
+ len = MT7615_EE_MAX - MT_EE_NIC_CONF_0;
skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, sizeof(req_hdr) + len);
if (!skb)
return -ENOMEM;
@@ -83,8 +83,10 @@ mt7615_tm_set_tx_power(struct mt7615_phy *phy)
int index;
ret = mt7615_eeprom_get_target_power_index(dev, chandef->chan, i);
- if (ret < 0)
+ if (ret < 0) {
+ dev_kfree_skb(skb);
return -EINVAL;
+ }
index = ret - MT_EE_NIC_CONF_0;
if (tx_power && tx_power[i])
--
2.25.1