wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req()

author Zilin Guan <zilin@seu.edu.cn>

Fri, 16 Jan 2026 14:49:19 +0000 (14:49 +0000)

committer Felix Fietkau <nbd@nbd.name>

Mon, 23 Mar 2026 09:23:01 +0000 (09:23 +0000)
author Zilin Guan <zilin@seu.edu.cn>
Fri, 16 Jan 2026 14:49:19 +0000 (14:49 +0000)
committer Felix Fietkau <nbd@nbd.name>
Mon, 23 Mar 2026 09:23:01 +0000 (09:23 +0000)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c

index 0457712286d55cdf5286184332f97a4ed7612fe0..3f583e2a1dc128fc4584bbdf9f661e1b6ae21345 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
@@ -1295,8 +1295,10 @@ int mt76_connac_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif_link *mvif,
                                     wtbl_hdr);
  
         ret = mt76_connac_mcu_sta_wed_update(dev, skb);
-       if (ret)
+       if (ret) {
+               dev_kfree_skb(skb);
                 return ret;
+       }
  
         ret = mt76_mcu_skb_send_msg(dev, skb, cmd, true);
         if (ret)
@@ -1309,8 +1311,10 @@ int mt76_connac_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif_link *mvif,
         mt76_connac_mcu_sta_ba_tlv(skb, params, enable, tx);
  
         ret = mt76_connac_mcu_sta_wed_update(dev, skb);
-       if (ret)
+       if (ret) {
+               dev_kfree_skb(skb);
                 return ret;
+       }
  
         return mt76_mcu_skb_send_msg(dev, skb, cmd, true);
  }
@@ -2764,12 +2768,16 @@ int mt76_connac_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif,
                 return PTR_ERR(skb);
  
         ret = mt76_connac_mcu_sta_key_tlv(sta_key_conf, skb, key, cmd);
-       if (ret)
+       if (ret) {
+               dev_kfree_skb(skb);
                 return ret;
+       }
  
         ret = mt76_connac_mcu_sta_wed_update(dev, skb);
-       if (ret)
+       if (ret) {
+               dev_kfree_skb(skb);
                 return ret;
+       }
  
         return mt76_mcu_skb_send_msg(dev, skb, mcu_cmd, true);
  }
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c

index d6f54b1edfb18b32310a7efce5a4ba6163b64f16..318c3814946372335be551af5bcd150111efd9d1 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
@@ -1765,8 +1765,10 @@ int mt7915_mcu_add_sta(struct mt7915_dev *dev, struct ieee80211_vif *vif,
         }
  out:
         ret = mt76_connac_mcu_sta_wed_update(&dev->mt76, skb);
-       if (ret)
+       if (ret) {
+               dev_kfree_skb(skb);
                 return ret;
+       }
  
         return mt76_mcu_skb_send_msg(&dev->mt76, skb,
                                      MCU_EXT_CMD(STA_REC_UPDATE), true);
diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c

index 2daf5a29220fd90be6ae27209c95774784881d87..1379bf6a26b5bf6e163728bca0a2d8c9d9c04f69 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
@@ -1288,8 +1288,10 @@ int mt7925_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif,
                 return PTR_ERR(skb);
  
         ret = mt7925_mcu_sta_key_tlv(wcid, sta_key_conf, skb, key, cmd, msta);
-       if (ret)
+       if (ret) {
+               dev_kfree_skb(skb);
                 return ret;
+       }
  
         return mt76_mcu_skb_send_msg(dev, skb, mcu_cmd, true);
  }
author	Zilin Guan <zilin@seu.edu.cn>
	Fri, 16 Jan 2026 14:49:19 +0000 (14:49 +0000)
committer	Felix Fietkau <nbd@nbd.name>
	Mon, 23 Mar 2026 09:23:01 +0000 (09:23 +0000)
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c		patch \| blob \| blame \| history
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c		patch \| blob \| blame \| history
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c		patch \| blob \| blame \| history