ath6kl: Fix htc_packet leak in ath6kl_htc_rx_process_packets()

Packet is not reclaimed when ath6kl_htc_rx_process_hdr() fails.
Fix this by deferring the packet deletion from comp_pktq till
ath6kl_htc_rx_process_hdr() returns success. This bug is found
in code review, impact is not easily visible as the leak happens
only in failure cases.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>

diff --git a/drivers/net/wireless/ath/ath6kl/htc.c b/drivers/net/wireless/ath/ath6kl/htc.c
index f88a7c9e41485d6cb1806110c359e4d8cddce241..7bc988438ead29498d35d2f04facc2e41e004dd1 100644 (file)
--- a/drivers/net/wireless/ath/ath6kl/htc.c
+++ b/drivers/net/wireless/ath/ath6kl/htc.c
@@ -1643,7 +1643,6 @@ static int ath6kl_htc_rx_process_packets(struct htc_target *target,
        int status = 0;
 
        list_for_each_entry_safe(packet, tmp_pkt, comp_pktq, list) {
-               list_del(&packet->list);
                ep = &target->endpoint[packet->endpoint];
 
                /* process header for each of the recv packet */
@@ -1652,6 +1651,8 @@ static int ath6kl_htc_rx_process_packets(struct htc_target *target,
                if (status)
                        return status;
 
+               list_del(&packet->list);
+
                if (list_empty(comp_pktq)) {
                        /*
                         * Last packet's more packet flag is set