mt76: fix potential DMA mapping leak

With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap could potentially inherit a non-zero value from stack garbage. If this happens, it will cause DMA mappings for MCU command frames to not be unmapped after completion Fixes: 27d5c528a7ca ("mt76: fix double DMA unmap of the first buffer on 7615/7915") Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@nbd.name>
author: Felix Fietkau <nbd@nbd.name> 2021-03-23 22:47:37 +0100
committer: Felix Fietkau <nbd@nbd.name> 2021-04-12 23:07:24 +0200
commit: b4403cee6400c5f679e9c4a82b91d61aa961eccf (patch)
tree: ae283c2ac5dedbe6b425dce756c38af8a999f85b
parent: 4da64fe086d95daa66d0def40fbd1b02d4f813fd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/wireless/mediatek/mt76/dma.c b/drivers/net/wireless/mediatek/mt76/dma.c
index b87b46538b95..6ea58aecca41 100644
--- a/drivers/net/wireless/mediatek/mt76/dma.c
+++ b/drivers/net/wireless/mediatek/mt76/dma.c
@@ -318,7 +318,7 @@ static int
 mt76_dma_tx_queue_skb_raw(struct mt76_dev *dev, struct mt76_queue *q,
 			  struct sk_buff *skb, u32 tx_info)
 {
-	struct mt76_queue_buf buf;
+	struct mt76_queue_buf buf = {};
 	dma_addr_t addr;
 
 	if (q->queued + 1 >= q->ndesc - 1)
author	Felix Fietkau <nbd@nbd.name>	2021-03-23 22:47:37 +0100
committer	Felix Fietkau <nbd@nbd.name>	2021-04-12 23:07:24 +0200
commit	b4403cee6400c5f679e9c4a82b91d61aa961eccf (patch)
tree	ae283c2ac5dedbe6b425dce756c38af8a999f85b
parent	4da64fe086d95daa66d0def40fbd1b02d4f813fd (diff)