Commit 1d8820d5 authored by Po-Hao Huang's avatar Po-Hao Huang Committed by Kalle Valo
Browse files

rtw88: fix c2h memory leak 



Fix erroneous code that leads to unreferenced objects. During H2C
operations, some functions returned without freeing the memory that only
the function have access to. Release these objects when they're no longer
needed to avoid potentially memory leaks.

Signed-off-by: default avatarPo-Hao Huang <phhuang@realtek.com>
Signed-off-by: default avatarPing-Ke Shih <pkshih@realtek.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210624023459.10294-1-pkshih@realtek.com
parent 1a3ac5c6

drivers/net/wireless/realtek/rtw88/coex.c

+10 −1
Original line number Diff line number Diff line
@@ -591,8 +591,10 @@ void rtw_coex_info_response(struct rtw_dev *rtwdev, struct sk_buff *skb) 
	struct rtw_coex *coex = &rtwdev->coex;

	u8 *payload = get_payload_from_coex_resp(skb);



	if (payload[0] != COEX_RESP_ACK_BY_WL_FW)

	if (payload[0] != COEX_RESP_ACK_BY_WL_FW) {

		dev_kfree_skb_any(skb);

		return;

	}



	skb_queue_tail(&coex->queue, skb);

	wake_up(&coex->wait);
@@ -3515,6 +3517,7 @@ static bool rtw_coex_get_bt_reg(struct rtw_dev *rtwdev, 


	payload = get_payload_from_coex_resp(skb);

	*val = GET_COEX_RESP_BT_REG_VAL(payload);

	dev_kfree_skb_any(skb);



	return true;

}
@@ -3533,6 +3536,8 @@ static bool rtw_coex_get_bt_patch_version(struct rtw_dev *rtwdev, 


	payload = get_payload_from_coex_resp(skb);

	*patch_version = GET_COEX_RESP_BT_PATCH_VER(payload);

	dev_kfree_skb_any(skb);



	return true;

}
@@ -3550,6 +3555,8 @@ static bool rtw_coex_get_bt_supported_version(struct rtw_dev *rtwdev, 


	payload = get_payload_from_coex_resp(skb);

	*supported_version = GET_COEX_RESP_BT_SUPP_VER(payload);

	dev_kfree_skb_any(skb);



	return true;

}
@@ -3567,6 +3574,8 @@ static bool rtw_coex_get_bt_supported_feature(struct rtw_dev *rtwdev, 


	payload = get_payload_from_coex_resp(skb);

	*supported_feature = GET_COEX_RESP_BT_SUPP_FEAT(payload);

	dev_kfree_skb_any(skb);



	return true;

}

drivers/net/wireless/realtek/rtw88/fw.c

+2 −0
Original line number Diff line number Diff line
@@ -245,10 +245,12 @@ void rtw_fw_c2h_cmd_rx_irqsafe(struct rtw_dev *rtwdev, u32 pkt_offset, 
		break;

	case C2H_WLAN_RFON:

		complete(&rtwdev->lps_leave_check);

		dev_kfree_skb_any(skb);

		break;

	case C2H_SCAN_RESULT:

		complete(&rtwdev->fw_scan_density);

		rtw_fw_scan_result(rtwdev, c2h->payload, len);

		dev_kfree_skb_any(skb);

		break;

	default:

		/* pass offset for further operation */

drivers/net/wireless/realtek/rtw88/main.c

+1 −0
Original line number Diff line number Diff line
@@ -1899,6 +1899,7 @@ void rtw_core_deinit(struct rtw_dev *rtwdev) 
	destroy_workqueue(rtwdev->tx_wq);

	spin_lock_irqsave(&rtwdev->tx_report.q_lock, flags);

	skb_queue_purge(&rtwdev->tx_report.queue);

	skb_queue_purge(&rtwdev->coex.queue);

	spin_unlock_irqrestore(&rtwdev->tx_report.q_lock, flags);



	list_for_each_entry_safe(rsvd_pkt, tmp, &rtwdev->rsvd_page_list,