If starting the op mode failed, the opmode memory is being freed,
so trans->op_mode needs to be NULLified. Otherwise, trans will access
already freed memory.
Call iwl_trans_op_mode_leave in that case.
Fixes: d1e879ec600f ("wifi: iwlwifi: add iwlmld sub-driver")
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@xxxxxxxxx>
---
drivers/net/wireless/intel/iwlwifi/mld/mld.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mld/mld.c b/drivers/net/wireless/intel/iwlwifi/mld/mld.c
index cfdf52b43c68..4a0842a46a8d 100644
--- a/drivers/net/wireless/intel/iwlwifi/mld/mld.c
+++ b/drivers/net/wireless/intel/iwlwifi/mld/mld.c
@@ -414,7 +414,7 @@ iwl_op_mode_mld_start(struct iwl_trans *trans, const struct iwl_cfg *cfg,
wiphy_unlock(mld->wiphy);
rtnl_unlock();
iwl_fw_flush_dumps(&mld->fwrt);
- goto free_hw;
+ goto err;
}
/* We are about to stop the FW. Notifications may require an
@@ -460,7 +460,8 @@ iwl_op_mode_mld_start(struct iwl_trans *trans, const struct iwl_cfg *cfg,
iwl_mld_leds_exit(mld);
free_nvm:
kfree(mld->nvm_data);
-free_hw:
+err:
+ iwl_trans_op_mode_leave(mld->trans);
ieee80211_free_hw(mld->hw);
return ERR_PTR(ret);
}
--
2.34.1
