
hc
2024-10-16 50a212ec906f7524620675f0c57357691c26c81f
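--- a/kernel/drivers/nfc/st-nci/se.c
+++ b/kernel/drivers/nfc/st-nci/se.c
@@ -1,19 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-only
 /*
 * Secure Element driver for STMicroelectronics NFC NCI chip
 *
 * Copyright (C) 2014-2015 STMicroelectronics SAS. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
 
 #include <linux/module.h>
@@ -338,12 +327,11 @@
 * AID 81 5 to 16
 * PARAMETERS 82 0 to 255
 */
- if (skb->len < NFC_MIN_AID_LENGTH + 2 &&
+ if (skb->len < NFC_MIN_AID_LENGTH + 2 ||
 skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
 return -EPROTO;
 
- transaction = (struct nfc_evt_transaction *)devm_kzalloc(dev,
- skb->len - 2, GFP_KERNEL);
+ transaction = devm_kzalloc(dev, skb->len - 2, GFP_KERNEL);
 if (!transaction)
 return -ENOMEM;
 
@@ -352,8 +340,10 @@
 
 /* Check next byte is PARAMETERS tag (82) */
 if (skb->data[transaction->aid_len + 2] !=
- NFC_EVT_TRANSACTION_PARAMS_TAG)
+ NFC_EVT_TRANSACTION_PARAMS_TAG) {
+ devm_kfree(dev, transaction);
 return -EPROTO;
+ }
 
 transaction->params_len = skb->data[transaction->aid_len + 3];
 memcpy(transaction->params, skb->data +
@@ -674,6 +664,12 @@
 ST_NCI_EVT_TRANSMIT_DATA, apdu,
 apdu_length);
 default:
+ /* Need to free cb_context here as at the moment we can't
+ * clearly indicate to the caller if the callback function
+ * would be called (and free it) or not. In both cases a
+ * negative value may be returned to the caller.
+ */
+ kfree(cb_context);
 return -ENODEV;
 }
 }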
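Review bot: The reads at `skb->data[transaction->aid_len + 2]` and `skb->data[transaction->aid_len + 3]` in the third hunk index the event buffer with a length that appears to come from the device, and no visible line compares it with `skb->len`; the corrected check in the second hunk only guarantees `NFC_MIN_AID_LENGTH + 2` bytes. Unless the lines between the hunks (where `aid_len` is presumably assigned) already bound it, a malformed transaction event could make these reads, and the `memcpy` into `transaction->params` that follows, run past the end of the skb or of the `skb->len - 2` byte allocation. I would add, before the PARAMETERS tag check, `if (skb->len < transaction->aid_len + 4) { devm_kfree(dev, transaction); return -EPROTO; }`, and bound `params_len` against the remaining bytes in the same way before the copy. The `memcpy` statement continues past the end of the hunk, so its length argument is not visible here.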