From patchwork Thu Sep 14 18:17:44 2017 X-Patchwork-Submitter: Larry Finger X-Patchwork-Id: 9953677 X-Patchwork-Delegate: kvalo@adurom.com
From: Larry Finger To: kvalo@codeaurora.org Cc: linux-wireless@vger.kernel.org, Larry Finger , Stable Subject: [PATCH] rtlwifi: rtl8192ee: Fix memory leak when loading firmware Date: Thu, 14 Sep 2017 13:17:44 -0500 Message-Id: <20170914181744.8216-1-Larry.Finger@lwfinger.net> X-Mailer: git-send-email 2.12.3 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In routine rtl92ee_set_fw_rsvdpagepkt(), the driver allocates an skb, but never calls rtl_cmd_send_packet(), which will free the buffer. All other rtlwifi drivers perform this operation correctly. This problem has been in the driver since it was included in the kernel. Fortunately, each firmware load only leaks 4 buffers, which likely explains why it has not previously been detected. Cc: Stable # 3.18+ Signed-off-by: Larry Finger --- drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c index 7eae27f8e173..f9563ae301ad 100644 --- a/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c @@ -682,7 +682,7 @@ void rtl92ee_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished) struct rtl_priv *rtlpriv = rtl_priv(hw); struct rtl_mac *mac = rtl_mac(rtl_priv(hw)); struct sk_buff *skb = NULL; - + bool rtstatus; u32 totalpacketlen; u8 u1rsvdpageloc[5] = { 0 }; bool b_dlok = false; @@ -768,7 +768,9 @@ void rtl92ee_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished) skb = dev_alloc_skb(totalpacketlen); skb_put_data(skb, &reserved_page_packet, totalpacketlen); - b_dlok = true; + rtstatus = rtl_cmd_send_packet(hw, skb); + if (rtstatus) + b_dlok = true; if (b_dlok) { RT_TRACE(rtlpriv, COMP_POWER, DBG_LOUD ,
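Review bot: In the first hunk (@@ -682,7 +682,7 @@), the new local "bool rtstatus;" only carries the return value into b_dlok, which is already declared as "bool b_dlok = false;" a few lines below. Assigning "b_dlok = rtl_cmd_send_packet(hw, skb);" directly in the second hunk would make the extra variable unnecessary. The declaration also replaces the blank line that separated skb from the following declarations; if the variable stays, consider placing it next to b_dlok instead.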
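Review bot: In the second hunk (@@ -768,7 +768,9 @@), the result of "skb = dev_alloc_skb(totalpacketlen);" is still passed to skb_put_data() and now also to rtl_cmd_send_packet() without a NULL check, so an allocation failure is dereferenced rather than handled. Since this patch is already fixing buffer handling on this path, a check such as "if (!skb) return;" (or falling through with b_dlok left false) before skb_put_data() would close that gap. It would also help if the commit message said whether rtl_cmd_send_packet() consumes the skb when it returns false, because the fix only removes the leak if the buffer is freed on the failure path as well.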