iwl4965: Fix more memory leaks in __il4965_up()

In some of the non-success return paths, the memory allocated by
iwl4965_sta_alloc_lq() in iwl4965_alloc_bcast_station() is not freed.

In particular:
 - if the card isn't ready after il4965_prepare_card_hw()
 - if the card is hardware-rfkilled

In the hardware rfkilled path, the driver enables the rfkill
interrupt. When the card is unrfkilled and this interrupt is raised
we end up calling il4965_bg_restart() which calls __il4965_up() which
calls iwl4965_alloc_bcast_station() again.

Suggested-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: Julian Calaby <julian.calaby@gmail.com>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
index 30d9dd3dda53ed7599ed836064bdf2da550ce2ec..f9ed48070e1743c25cb9c48b8dfff95dee063d19 100644 (file)
--- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c
+++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
@@ -5553,6 +5553,7 @@ __il4965_up(struct il_priv *il)
 
        il4965_prepare_card_hw(il);
        if (!il->hw_ready) {
+               il_dealloc_bcast_stations(il);
                IL_ERR("HW not ready\n");
                return -EIO;
        }
@@ -5564,6 +5565,7 @@ __il4965_up(struct il_priv *il)
                set_bit(S_RFKILL, &il->status);
                wiphy_rfkill_set_hw_state(il->hw->wiphy, true);
 
+               il_dealloc_bcast_stations(il);
                il_enable_rfkill_int(il);
                IL_WARN("Radio disabled by HW RF Kill switch\n");
                return 0;