| Message ID | 6bec5a9b55f13d40c2803f0fa60173451d5ea14a.1458262312.git.julian.calaby@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Kalle Valo |
| Headers | show |
On Fri, Mar 18, 2016 at 01:29:11PM +1100, Julian Calaby wrote: > In some of the non-success return paths, the memory allocated by > iwl4965_sta_alloc_lq() in iwl4965_alloc_bcast_station() is not freed. > > In particular: > - if the card isn't ready after il4965_prepare_card_hw() > - if the card is hardware-rfkilled > > In the hardware rfkilled path, the driver enables the rfkill > interrupt. When the card is unrfkilled and this interrupt is raised > we end up calling il4965_bg_restart() which calls __il4965_up() which > calls iwl4965_alloc_bcast_station() again. > > Suggested-by: Jia-Ju Bai <baijiaju1990@163.com> > Signed-off-by: Julian Calaby <julian.calaby@gmail.com> > > --- > > This is only compile tested as I don't have compatible hardware. I also > don't know the driver enough to know that this is truly correct - however > it looks right and I stand by my analysis. > > Could someone else please review this? I have similar objection like on previous patch "iwl4965: Fix a memory leak in error handling code of __il4965_up" . Next week I will try test that on the HW and see how it's going. For now this look for me, like different fix should be prepared. Thanks Stanislaw -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Mar 18, 2016 at 01:29:11PM +1100, Julian Calaby wrote: > In some of the non-success return paths, the memory allocated by > iwl4965_sta_alloc_lq() in iwl4965_alloc_bcast_station() is not freed. > > In particular: > - if the card isn't ready after il4965_prepare_card_hw() > - if the card is hardware-rfkilled > > In the hardware rfkilled path, the driver enables the rfkill > interrupt. When the card is unrfkilled and this interrupt is raised > we end up calling il4965_bg_restart() which calls __il4965_up() which > calls iwl4965_alloc_bcast_station() again. > > Suggested-by: Jia-Ju Bai <baijiaju1990@163.com> > Signed-off-by: Julian Calaby <julian.calaby@gmail.com> > > --- > > This is only compile tested as I don't have compatible hardware. I also > don't know the driver enough to know that this is truly correct - however > it looks right and I stand by my analysis. > > Could someone else please review this? Looks ok. Acked-by: Stanislaw Gruszka <sgruszka@redhat.com> -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c index 30d9dd3..f9ed480 100644 --- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c +++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c @@ -5553,6 +5553,7 @@ __il4965_up(struct il_priv *il) il4965_prepare_card_hw(il); if (!il->hw_ready) { + il_dealloc_bcast_stations(il); IL_ERR("HW not ready\n"); return -EIO; } @@ -5564,6 +5565,7 @@ __il4965_up(struct il_priv *il) set_bit(S_RFKILL, &il->status); wiphy_rfkill_set_hw_state(il->hw->wiphy, true); + il_dealloc_bcast_stations(il); il_enable_rfkill_int(il); IL_WARN("Radio disabled by HW RF Kill switch\n"); return 0;
In some of the non-success return paths, the memory allocated by iwl4965_sta_alloc_lq() in iwl4965_alloc_bcast_station() is not freed. In particular: - if the card isn't ready after il4965_prepare_card_hw() - if the card is hardware-rfkilled In the hardware rfkilled path, the driver enables the rfkill interrupt. When the card is unrfkilled and this interrupt is raised we end up calling il4965_bg_restart() which calls __il4965_up() which calls iwl4965_alloc_bcast_station() again. Suggested-by: Jia-Ju Bai <baijiaju1990@163.com> Signed-off-by: Julian Calaby <julian.calaby@gmail.com> --- This is only compile tested as I don't have compatible hardware. I also don't know the driver enough to know that this is truly correct - however it looks right and I stand by my analysis. Could someone else please review this? Thanks, Julian Calaby --- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 ++ 1 file changed, 2 insertions(+)