diff mbox series

rtw88: fix c2h memory leak

Message ID 20210621103023.41928-1-pkshih@realtek.com
State Superseded
Headers show
Series rtw88: fix c2h memory leak | expand

Commit Message

Ping-Ke Shih June 21, 2021, 10:30 a.m. UTC
From: Po-Hao Huang <phhuang@realtek.com>

Fix erroneous code that leads to unreferenced objects. During H2C
operations, some functions returned without freeing the memory that only
the function have access to. Release these objects when they're no longer
needed to avoid potentially memory leaks.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
---
 drivers/net/wireless/realtek/rtw88/coex.c | 8 +++++++-
 drivers/net/wireless/realtek/rtw88/fw.c   | 2 ++
 drivers/net/wireless/realtek/rtw88/main.c | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)

Comments

Kalle Valo June 23, 2021, 5:47 p.m. UTC | #1
Ping-Ke Shih <pkshih@realtek.com> wrote:

> From: Po-Hao Huang <phhuang@realtek.com>

> 

> Fix erroneous code that leads to unreferenced objects. During H2C

> operations, some functions returned without freeing the memory that only

> the function have access to. Release these objects when they're no longer

> needed to avoid potentially memory leaks.

> 

> Signed-off-by: Po-Hao Huang <phhuang@realtek.com>

> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>


Failed to apply, please rebase:

Recorded preimage for 'drivers/net/wireless/realtek/rtw88/coex.c'
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch' to see the failed patch
Applying: rtw88: fix c2h memory leak
Using index info to reconstruct a base tree...
M	drivers/net/wireless/realtek/rtw88/coex.c
M	drivers/net/wireless/realtek/rtw88/fw.c
M	drivers/net/wireless/realtek/rtw88/main.c
Falling back to patching base and 3-way merge...
Auto-merging drivers/net/wireless/realtek/rtw88/main.c
Auto-merging drivers/net/wireless/realtek/rtw88/fw.c
Auto-merging drivers/net/wireless/realtek/rtw88/coex.c
CONFLICT (content): Merge conflict in drivers/net/wireless/realtek/rtw88/coex.c
Patch failed at 0001 rtw88: fix c2h memory leak

Patch set to Changes Requested.

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20210621103023.41928-1-pkshih@realtek.com/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Ping-Ke Shih June 24, 2021, 2:41 a.m. UTC | #2
> -----Original Message-----

> From: kvalo=codeaurora.org@mg.codeaurora.org [mailto:kvalo=codeaurora.org@mg.codeaurora.org] On

> Behalf Of Kalle Valo

> Sent: Thursday, June 24, 2021 1:47 AM

> To: Pkshih

> Cc: tony0620emma@gmail.com; linux-wireless@vger.kernel.org; Bernie Huang

> Subject: Re: [PATCH] rtw88: fix c2h memory leak

> 

> Ping-Ke Shih <pkshih@realtek.com> wrote:

> 

> > From: Po-Hao Huang <phhuang@realtek.com>

> >

> > Fix erroneous code that leads to unreferenced objects. During H2C

> > operations, some functions returned without freeing the memory that only

> > the function have access to. Release these objects when they're no longer

> > needed to avoid potentially memory leaks.

> >

> > Signed-off-by: Po-Hao Huang <phhuang@realtek.com>

> > Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>

> 

> Failed to apply, please rebase:

> 

> Recorded preimage for 'drivers/net/wireless/realtek/rtw88/coex.c'

> error: Failed to merge in the changes.

> hint: Use 'git am --show-current-patch' to see the failed patch

> Applying: rtw88: fix c2h memory leak

> Using index info to reconstruct a base tree...

> M	drivers/net/wireless/realtek/rtw88/coex.c

> M	drivers/net/wireless/realtek/rtw88/fw.c

> M	drivers/net/wireless/realtek/rtw88/main.c

> Falling back to patching base and 3-way merge...

> Auto-merging drivers/net/wireless/realtek/rtw88/main.c

> Auto-merging drivers/net/wireless/realtek/rtw88/fw.c

> Auto-merging drivers/net/wireless/realtek/rtw88/coex.c

> CONFLICT (content): Merge conflict in drivers/net/wireless/realtek/rtw88/coex.c

> Patch failed at 0001 rtw88: fix c2h memory leak

> 

> Patch set to Changes Requested.

> 


v2 is sent.
Thank you
--
Ping-Ke
diff mbox series

Patch

diff --git a/drivers/net/wireless/realtek/rtw88/coex.c b/drivers/net/wireless/realtek/rtw88/coex.c
index cedbf3825848..6ecb01294ddd 100644
--- a/drivers/net/wireless/realtek/rtw88/coex.c
+++ b/drivers/net/wireless/realtek/rtw88/coex.c
@@ -591,8 +591,10 @@  void rtw_coex_info_response(struct rtw_dev *rtwdev, struct sk_buff *skb)
 	struct rtw_coex *coex = &rtwdev->coex;
 	u8 *payload = get_payload_from_coex_resp(skb);
 
-	if (payload[0] != COEX_RESP_ACK_BY_WL_FW)
+	if (payload[0] != COEX_RESP_ACK_BY_WL_FW) {
+		dev_kfree_skb_any(skb);
 		return;
+	}
 
 	skb_queue_tail(&coex->queue, skb);
 	wake_up(&coex->wait);
@@ -3523,6 +3525,7 @@  static bool rtw_coex_get_bt_reg(struct rtw_dev *rtwdev,
 
 	payload = get_payload_from_coex_resp(skb);
 	*val = GET_COEX_RESP_BT_REG_VAL(payload);
+	dev_kfree_skb_any(skb);
 
 	return true;
 }
@@ -3543,6 +3546,7 @@  static bool rtw_coex_get_bt_patch_version(struct rtw_dev *rtwdev,
 	payload = get_payload_from_coex_resp(skb);
 	*patch_version = GET_COEX_RESP_BT_PATCH_VER(payload);
 	ret = true;
+	dev_kfree_skb_any(skb);
 
 out:
 	return ret;
@@ -3564,6 +3568,7 @@  static bool rtw_coex_get_bt_supported_version(struct rtw_dev *rtwdev,
 	payload = get_payload_from_coex_resp(skb);
 	*supported_version = GET_COEX_RESP_BT_SUPP_VER(payload);
 	ret = true;
+	dev_kfree_skb_any(skb);
 
 out:
 	return ret;
@@ -3585,6 +3590,7 @@  static bool rtw_coex_get_bt_supported_feature(struct rtw_dev *rtwdev,
 	payload = get_payload_from_coex_resp(skb);
 	*supported_feature = GET_COEX_RESP_BT_SUPP_FEAT(payload);
 	ret = true;
+	dev_kfree_skb_any(skb);
 
 out:
 	return ret;
diff --git a/drivers/net/wireless/realtek/rtw88/fw.c b/drivers/net/wireless/realtek/rtw88/fw.c
index 58f4e47aa96a..d4c92b3de440 100644
--- a/drivers/net/wireless/realtek/rtw88/fw.c
+++ b/drivers/net/wireless/realtek/rtw88/fw.c
@@ -245,10 +245,12 @@  void rtw_fw_c2h_cmd_rx_irqsafe(struct rtw_dev *rtwdev, u32 pkt_offset,
 		break;
 	case C2H_WLAN_RFON:
 		complete(&rtwdev->lps_leave_check);
+		dev_kfree_skb_any(skb);
 		break;
 	case C2H_SCAN_RESULT:
 		complete(&rtwdev->fw_scan_density);
 		rtw_fw_scan_result(rtwdev, c2h->payload, len);
+		dev_kfree_skb_any(skb);
 		break;
 	default:
 		/* pass offset for further operation */
diff --git a/drivers/net/wireless/realtek/rtw88/main.c b/drivers/net/wireless/realtek/rtw88/main.c
index 47f4838d0c58..eb961ea6c47f 100644
--- a/drivers/net/wireless/realtek/rtw88/main.c
+++ b/drivers/net/wireless/realtek/rtw88/main.c
@@ -1831,6 +1831,7 @@  void rtw_core_deinit(struct rtw_dev *rtwdev)
 	destroy_workqueue(rtwdev->tx_wq);
 	spin_lock_irqsave(&rtwdev->tx_report.q_lock, flags);
 	skb_queue_purge(&rtwdev->tx_report.queue);
+	skb_queue_purge(&rtwdev->coex.queue);
 	spin_unlock_irqrestore(&rtwdev->tx_report.q_lock, flags);
 
 	list_for_each_entry_safe(rsvd_pkt, tmp, &rtwdev->rsvd_page_list,