wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage
authorDmitry Antipov <dmantipov@yandex.ru>
Tue, 26 Sep 2023 04:29:04 +0000 (07:29 +0300)
committerKalle Valo <quic_kvalo@quicinc.com>
Thu, 28 Sep 2023 15:15:06 +0000 (18:15 +0300)
When compiling with clang 16.0.6, I've noticed the following:

drivers/net/wireless/ath/ath11k/mac.c:8903:12: warning: stack frame
size (1032) exceeds limit (1024) in 'ath11k_mac_op_remain_on_channel'
[-Wframe-larger-than]
static int ath11k_mac_op_remain_on_channel(struct ieee80211_hw *hw,
           ^
68/1032 (6.59%) spills, 964/1032 (93.41%) variables

So switch to kzalloc()'ed instance of 'struct scan_req_params' like
it's done in 'ath11k_mac_op_hw_scan()'. Compile tested only.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230926042906.13725-1-dmantipov@yandex.ru
drivers/net/wireless/ath/ath11k/mac.c

index 39f673aa4b00659b992cfcf73ad5a38772d44ab6..9ce3b575d9cc0481014064ad6a9b977de0edab64 100644 (file)
@@ -8905,7 +8905,7 @@ static int ath11k_mac_op_remain_on_channel(struct ieee80211_hw *hw,
 {
        struct ath11k *ar = hw->priv;
        struct ath11k_vif *arvif = ath11k_vif_to_arvif(vif);
-       struct scan_req_params arg;
+       struct scan_req_params *arg;
        int ret;
        u32 scan_time_msec;
 
@@ -8937,27 +8937,31 @@ static int ath11k_mac_op_remain_on_channel(struct ieee80211_hw *hw,
 
        scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
 
-       memset(&arg, 0, sizeof(arg));
-       ath11k_wmi_start_scan_init(ar, &arg);
-       arg.num_chan = 1;
-       arg.chan_list = kcalloc(arg.num_chan, sizeof(*arg.chan_list),
-                               GFP_KERNEL);
-       if (!arg.chan_list) {
+       arg = kzalloc(sizeof(*arg), GFP_KERNEL);
+       if (!arg) {
                ret = -ENOMEM;
                goto exit;
        }
+       ath11k_wmi_start_scan_init(ar, arg);
+       arg->num_chan = 1;
+       arg->chan_list = kcalloc(arg->num_chan, sizeof(*arg->chan_list),
+                                GFP_KERNEL);
+       if (!arg->chan_list) {
+               ret = -ENOMEM;
+               goto free_arg;
+       }
 
-       arg.vdev_id = arvif->vdev_id;
-       arg.scan_id = ATH11K_SCAN_ID;
-       arg.chan_list[0] = chan->center_freq;
-       arg.dwell_time_active = scan_time_msec;
-       arg.dwell_time_passive = scan_time_msec;
-       arg.max_scan_time = scan_time_msec;
-       arg.scan_flags |= WMI_SCAN_FLAG_PASSIVE;
-       arg.scan_flags |= WMI_SCAN_FILTER_PROBE_REQ;
-       arg.burst_duration = duration;
-
-       ret = ath11k_start_scan(ar, &arg);
+       arg->vdev_id = arvif->vdev_id;
+       arg->scan_id = ATH11K_SCAN_ID;
+       arg->chan_list[0] = chan->center_freq;
+       arg->dwell_time_active = scan_time_msec;
+       arg->dwell_time_passive = scan_time_msec;
+       arg->max_scan_time = scan_time_msec;
+       arg->scan_flags |= WMI_SCAN_FLAG_PASSIVE;
+       arg->scan_flags |= WMI_SCAN_FILTER_PROBE_REQ;
+       arg->burst_duration = duration;
+
+       ret = ath11k_start_scan(ar, arg);
        if (ret) {
                ath11k_warn(ar->ab, "failed to start roc scan: %d\n", ret);
 
@@ -8983,7 +8987,9 @@ static int ath11k_mac_op_remain_on_channel(struct ieee80211_hw *hw,
        ret = 0;
 
 free_chan_list:
-       kfree(arg.chan_list);
+       kfree(arg->chan_list);
+free_arg:
+       kfree(arg);
 exit:
        mutex_unlock(&ar->conf_mutex);
        return ret;
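Review bot: The `free_chan_list` label now dereferences `arg` (`kfree(arg->chan_list)`), and `arg` is declared without an initialiser, so the cleanup is only safe if every jump to that label happens after kzalloc() has succeeded. The two jumps visible in the hunks are ordered correctly (`goto exit` on kzalloc failure, `goto free_arg` on kcalloc failure), but the jumps to `free_chan_list` and the earlier `goto exit` paths lie outside the hunks and should be confirmed against the full function. A one-line comment above the labels would keep the invariant visible, e.g. `/* free_chan_list: arg and arg->chan_list allocated; free_arg: only arg allocated */`. A short comment at the kzalloc() would also help, saying the struct is heap-allocated to keep the frame under the 1024-byte -Wframe-larger-than limit described in the commit message, so a later cleanup does not move it back onto the stack.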