Commit 43e7c350 authored by Jianglei Nie's avatar Jianglei Nie Committed by Kalle Valo
Browse files

wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() 



mhi_alloc_controller() allocates a memory space for mhi_ctrl. When gets
some error, mhi_ctrl should be freed with mhi_free_controller(). But
when ath11k_mhi_read_addr_from_dt() fails, the function returns without
calling mhi_free_controller(), which will lead to a memory leak.

We can fix it by calling mhi_free_controller() when
ath11k_mhi_read_addr_from_dt() fails.

Signed-off-by: default avatarJianglei Nie <niejianglei2021@163.com>
Reviewed-by: default avatarJeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220907073704.58806-1-niejianglei2021@163.com
parent 876eb848

drivers/net/wireless/ath/ath11k/mhi.c

+10 −7
Original line number Diff line number Diff line
@@ -402,8 +402,7 @@ int ath11k_mhi_register(struct ath11k_pci *ab_pci) 
	ret = ath11k_mhi_get_msi(ab_pci);

	if (ret) {

		ath11k_err(ab, "failed to get msi for mhi\n");

		mhi_free_controller(mhi_ctrl);

		return ret;

		goto free_controller;

	}



	if (!test_bit(ATH11K_FLAG_MULTI_MSI_VECTORS, &ab->dev_flags))
@@ -412,7 +411,7 @@ int ath11k_mhi_register(struct ath11k_pci *ab_pci) 
	if (test_bit(ATH11K_FLAG_FIXED_MEM_RGN, &ab->dev_flags)) {

		ret = ath11k_mhi_read_addr_from_dt(mhi_ctrl);

		if (ret < 0)

			return ret;

			goto free_controller;

	} else {

		mhi_ctrl->iova_start = 0;

		mhi_ctrl->iova_stop = 0xFFFFFFFF;
@@ -440,18 +439,22 @@ int ath11k_mhi_register(struct ath11k_pci *ab_pci) 
	default:

		ath11k_err(ab, "failed assign mhi_config for unknown hw rev %d\n",

			   ab->hw_rev);

		mhi_free_controller(mhi_ctrl);

		return -EINVAL;

		ret = -EINVAL;

		goto free_controller;

	}



	ret = mhi_register_controller(mhi_ctrl, ath11k_mhi_config);

	if (ret) {

		ath11k_err(ab, "failed to register to mhi bus, err = %d\n", ret);

		mhi_free_controller(mhi_ctrl);

		return ret;

		goto free_controller;

	}



	return 0;



free_controller:

	mhi_free_controller(mhi_ctrl);

	ab_pci->mhi_ctrl = NULL;

	return ret;

}



void ath11k_mhi_unregister(struct ath11k_pci *ab_pci)