wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup

Message ID	20221229073849.1388315-1-linmq006@gmail.com
State	New
Headers	show Return-Path: <linux-wireless-owner@vger.kernel.org> From: Miaoqian Lin <linmq006@gmail.com> To: Kalle Valo <kvalo@kernel.org>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Manikanta Pubbisetty <mpubbise@codeaurora.org>, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: linmq006@gmail.com Subject: [PATCH] wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup Date: Thu, 29 Dec 2022 11:38:48 +0400 Message-Id: <20221229073849.1388315-1-linmq006@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup \| expand wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup

Message ID

20221229073849.1388315-1-linmq006@gmail.com

State

New

Headers

From: Miaoqian Lin <linmq006@gmail.com>
To: Kalle Valo <kvalo@kernel.org>,
        "David S. Miller" <davem@davemloft.net>,
        Eric Dumazet <edumazet@google.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>,
        Manikanta Pubbisetty <mpubbise@codeaurora.org>,
        ath11k@lists.infradead.org, linux-wireless@vger.kernel.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: linmq006@gmail.com
Subject: [PATCH] wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
Date: Thu, 29 Dec 2022 11:38:48 +0400
Message-Id: <20221229073849.1388315-1-linmq006@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup | expand

Commit Message

Miaoqian Lin Dec. 29, 2022, 7:38 a.m. UTC

crypto_alloc_shash() allocates resources, which should be released by
crypto_free_shash(). When ath11k_peer_find() fails, there has memory
leak. Move crypto_alloc_shash() after ath11k_peer_find() to fix this.

Fixes: 243874c64c81 ("ath11k: handle RX fragments")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
---
 drivers/net/wireless/ath/ath11k/dp_rx.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Leon Romanovsky Jan. 1, 2023, 7:44 a.m. UTC | #1

On Thu, Dec 29, 2022 at 11:38:48AM +0400, Miaoqian Lin wrote:
> crypto_alloc_shash() allocates resources, which should be released by
> crypto_free_shash(). When ath11k_peer_find() fails, there has memory
> leak. Move crypto_alloc_shash() after ath11k_peer_find() to fix this.
> 
> Fixes: 243874c64c81 ("ath11k: handle RX fragments")
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> ---
>  drivers/net/wireless/ath/ath11k/dp_rx.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c
> index c5a4c34d7749..1297caa2b09a 100644
> --- a/drivers/net/wireless/ath/ath11k/dp_rx.c
> +++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
> @@ -3116,10 +3116,6 @@ int ath11k_peer_rx_frag_setup(struct ath11k *ar, const u8 *peer_mac, int vdev_id
>  	struct dp_rx_tid *rx_tid;
>  	int i;
>  
> -	tfm = crypto_alloc_shash("michael_mic", 0, 0);
> -	if (IS_ERR(tfm))
> -		return PTR_ERR(tfm);
> -
>  	spin_lock_bh(&ab->base_lock);
>  
>  	peer = ath11k_peer_find(ab, vdev_id, peer_mac);
> @@ -3129,6 +3125,10 @@ int ath11k_peer_rx_frag_setup(struct ath11k *ar, const u8 *peer_mac, int vdev_id
>  		return -ENOENT;
>  	}
>  
> +	tfm = crypto_alloc_shash("michael_mic", 0, 0);
> +	if (IS_ERR(tfm))
> +		return PTR_ERR(tfm);
> +

You forgot to unlock ab->base_lock.

Thanks

>  	for (i = 0; i <= IEEE80211_NUM_TIDS; i++) {
>  		rx_tid = &peer->rx_tid[i];
>  		rx_tid->ab = ab;
> -- 
> 2.25.1
>

diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c
index c5a4c34d7749..1297caa2b09a 100644
--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
+++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
@@ -3116,10 +3116,6 @@  int ath11k_peer_rx_frag_setup(struct ath11k *ar, const u8 *peer_mac, int vdev_id
 	struct dp_rx_tid *rx_tid;
 	int i;
 
-	tfm = crypto_alloc_shash("michael_mic", 0, 0);
-	if (IS_ERR(tfm))
-		return PTR_ERR(tfm);
-
 	spin_lock_bh(&ab->base_lock);
 
 	peer = ath11k_peer_find(ab, vdev_id, peer_mac);
@@ -3129,6 +3125,10 @@  int ath11k_peer_rx_frag_setup(struct ath11k *ar, const u8 *peer_mac, int vdev_id
 		return -ENOENT;
 	}
 
+	tfm = crypto_alloc_shash("michael_mic", 0, 0);
+	if (IS_ERR(tfm))
+		return PTR_ERR(tfm);
+
 	for (i = 0; i <= IEEE80211_NUM_TIDS; i++) {
 		rx_tid = &peer->rx_tid[i];
 		rx_tid->ab = ab;

wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup

Commit Message

Comments

Patch