orinoco: Move context allocation after processing the skb

[ Upstream commit a31eb615646a63370aa1da1053c45439c7653d83 ]

ezusb_xmit() allocates a context which is leaked if
orinoco_process_xmit_skb() returns an error.

Move ezusb_alloc_ctx() after the invocation of
orinoco_process_xmit_skb() because the context is not needed so early.
ezusb_access_ltv() will cleanup the context in case of an error.

Fixes: bac6fafd4d6a0 ("orinoco: refactor xmit path")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-2-bigeasy@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
index b849d27..d1fc948 100644 (file)
--- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
@@ -1223,13 +1223,6 @@ static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
        if (skb->len < ETH_HLEN)
                goto drop;
 
-       ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
-       if (!ctx)
-               goto busy;
-
-       memset(ctx->buf, 0, BULK_BUF_SIZE);
-       buf = ctx->buf->data;
-
        tx_control = 0;
 
        err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
@@ -1237,6 +1230,13 @@ static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
        if (err)
                goto drop;
 
+       ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
+       if (!ctx)
+               goto drop;
+
+       memset(ctx->buf, 0, BULK_BUF_SIZE);
+       buf = ctx->buf->data;
+
        {
                __le16 *tx_cntl = (__le16 *)buf;
                *tx_cntl = cpu_to_le16(tx_control);