This driver is fine if memory allocation never fails. However it does not
handle allocation failure well. This can either lead to memory leak, or
unallocated buffers being used.
Nam Cao (4):
Revert "staging: r8712u: Tracking kmemleak false positives."
staging: rtl8712: check for alloc fail in _r8712_init_recv_priv()
staging: rtl8712: check for return value of _r8712_init_xmit_priv()
staging: rtl8712: fix potential memory leak
drivers/staging/rtl8712/os_intfs.c | 27 +++++++++++++++++++++-----
drivers/staging/rtl8712/recv_osdep.h | 8 ++++----
drivers/staging/rtl8712/rtl8712_recv.c | 7 ++++---
drivers/staging/rtl8712/rtl871x_recv.c | 16 ++++++++-------
4 files changed, 39 insertions(+), 19 deletions(-)
--
2.25.1
The function _r8712_init_recv_priv() and also r8712_init_recv_priv()
just returns silently if they fail to allocate memory. Change their
return type to int and add necessary checks and handling if they return
-ENOMEM
Signed-off-by: Nam Cao <[email protected]>
---
drivers/staging/rtl8712/os_intfs.c | 3 ++-
drivers/staging/rtl8712/recv_osdep.h | 8 ++++----
drivers/staging/rtl8712/rtl8712_recv.c | 7 ++++---
drivers/staging/rtl8712/rtl871x_recv.c | 13 +++++++++----
4 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/drivers/staging/rtl8712/os_intfs.c b/drivers/staging/rtl8712/os_intfs.c
index 003e97205124..47d7d998fa86 100644
--- a/drivers/staging/rtl8712/os_intfs.c
+++ b/drivers/staging/rtl8712/os_intfs.c
@@ -309,7 +309,8 @@ int r8712_init_drv_sw(struct _adapter *padapter)
if (ret)
return ret;
_r8712_init_xmit_priv(&padapter->xmitpriv, padapter);
- _r8712_init_recv_priv(&padapter->recvpriv, padapter);
+ ret = _r8712_init_recv_priv(&padapter->recvpriv, padapter);
+ return ret;
memset((unsigned char *)&padapter->securitypriv, 0,
sizeof(struct security_priv));
timer_setup(&padapter->securitypriv.tkip_timer,
diff --git a/drivers/staging/rtl8712/recv_osdep.h b/drivers/staging/rtl8712/recv_osdep.h
index d8c1fa74f544..fbe3f2868506 100644
--- a/drivers/staging/rtl8712/recv_osdep.h
+++ b/drivers/staging/rtl8712/recv_osdep.h
@@ -18,15 +18,15 @@
#include "drv_types.h"
#include <linux/skbuff.h>
-void _r8712_init_recv_priv(struct recv_priv *precvpriv,
- struct _adapter *padapter);
+int _r8712_init_recv_priv(struct recv_priv *precvpriv,
+ struct _adapter *padapter);
void _r8712_free_recv_priv(struct recv_priv *precvpriv);
void r8712_recv_entry(union recv_frame *precv_frame);
void r8712_recv_indicatepkt(struct _adapter *adapter,
union recv_frame *precv_frame);
void r8712_handle_tkip_mic_err(struct _adapter *padapter, u8 bgroup);
-void r8712_init_recv_priv(struct recv_priv *precvpriv,
- struct _adapter *padapter);
+int r8712_init_recv_priv(struct recv_priv *precvpriv,
+ struct _adapter *padapter);
void r8712_free_recv_priv(struct recv_priv *precvpriv);
void r8712_os_recv_resource_alloc(struct _adapter *padapter,
union recv_frame *precvframe);
diff --git a/drivers/staging/rtl8712/rtl8712_recv.c b/drivers/staging/rtl8712/rtl8712_recv.c
index 7f1fdd058551..7da014ab0723 100644
--- a/drivers/staging/rtl8712/rtl8712_recv.c
+++ b/drivers/staging/rtl8712/rtl8712_recv.c
@@ -30,8 +30,8 @@
static void recv_tasklet(struct tasklet_struct *t);
-void r8712_init_recv_priv(struct recv_priv *precvpriv,
- struct _adapter *padapter)
+int r8712_init_recv_priv(struct recv_priv *precvpriv,
+ struct _adapter *padapter)
{
int i;
struct recv_buf *precvbuf;
@@ -44,7 +44,7 @@ void r8712_init_recv_priv(struct recv_priv *precvpriv,
precvpriv->pallocated_recv_buf =
kzalloc(NR_RECVBUFF * sizeof(struct recv_buf) + 4, GFP_ATOMIC);
if (!precvpriv->pallocated_recv_buf)
- return;
+ return -ENOMEM;
precvpriv->precv_buf = precvpriv->pallocated_recv_buf + 4 -
((addr_t)(precvpriv->pallocated_recv_buf) & 3);
precvbuf = (struct recv_buf *)precvpriv->precv_buf;
@@ -75,6 +75,7 @@ void r8712_init_recv_priv(struct recv_priv *precvpriv,
}
pskb = NULL;
}
+ return 0;
}
void r8712_free_recv_priv(struct recv_priv *precvpriv)
diff --git a/drivers/staging/rtl8712/rtl871x_recv.c b/drivers/staging/rtl8712/rtl871x_recv.c
index 4db7eed64a03..8a3566214af7 100644
--- a/drivers/staging/rtl8712/rtl871x_recv.c
+++ b/drivers/staging/rtl8712/rtl871x_recv.c
@@ -42,9 +42,10 @@ void _r8712_init_sta_recv_priv(struct sta_recv_priv *psta_recvpriv)
_init_queue(&psta_recvpriv->defrag_q);
}
-void _r8712_init_recv_priv(struct recv_priv *precvpriv,
- struct _adapter *padapter)
+int _r8712_init_recv_priv(struct recv_priv *precvpriv,
+ struct _adapter *padapter)
{
+ int ret;
sint i;
union recv_frame *precvframe;
@@ -58,7 +59,7 @@ void _r8712_init_recv_priv(struct recv_priv *precvpriv,
sizeof(union recv_frame) + RXFRAME_ALIGN_SZ,
GFP_ATOMIC);
if (!precvpriv->pallocated_frame_buf)
- return;
+ return -ENOMEM;
precvpriv->precv_frame_buf = precvpriv->pallocated_frame_buf +
RXFRAME_ALIGN_SZ -
((addr_t)(precvpriv->pallocated_frame_buf) &
@@ -73,7 +74,11 @@ void _r8712_init_recv_priv(struct recv_priv *precvpriv,
precvframe++;
}
precvpriv->rx_pending_cnt = 1;
- r8712_init_recv_priv(precvpriv, padapter);
+ ret = r8712_init_recv_priv(precvpriv, padapter);
+ if (ret)
+ kfree(precvpriv->pallocated_frame_buf);
+
+ return ret;
}
void _r8712_free_recv_priv(struct recv_priv *precvpriv)
--
2.25.1
This reverts commit 5d3da4a20a271e3cf5496a50cbb8118aa019374f.
This commit annotated false positive for kmemleak. The reasoning is that
the buffers are freed when the driver is unloaded. However, there is
actually potential memory leak when probe fails.
Signed-off-by: Nam Cao <[email protected]>
---
drivers/staging/rtl8712/rtl871x_recv.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/staging/rtl8712/rtl871x_recv.c b/drivers/staging/rtl8712/rtl871x_recv.c
index de9a568eaffa..4db7eed64a03 100644
--- a/drivers/staging/rtl8712/rtl871x_recv.c
+++ b/drivers/staging/rtl8712/rtl871x_recv.c
@@ -17,9 +17,7 @@
#define _RTL871X_RECV_C_
#include <linux/ip.h>
-#include <linux/slab.h>
#include <linux/if_ether.h>
-#include <linux/kmemleak.h>
#include <linux/etherdevice.h>
#include <linux/ieee80211.h>
#include <net/cfg80211.h>
@@ -61,7 +59,6 @@ void _r8712_init_recv_priv(struct recv_priv *precvpriv,
GFP_ATOMIC);
if (!precvpriv->pallocated_frame_buf)
return;
- kmemleak_not_leak(precvpriv->pallocated_frame_buf);
precvpriv->precv_frame_buf = precvpriv->pallocated_frame_buf +
RXFRAME_ALIGN_SZ -
((addr_t)(precvpriv->pallocated_frame_buf) &
--
2.25.1
On Mon, Oct 24, 2022 at 11:24:07PM +0200, Nam Cao wrote:
> The function _r8712_init_recv_priv() and also r8712_init_recv_priv()
> just returns silently if they fail to allocate memory. Change their
> return type to int and add necessary checks and handling if they return
> -ENOMEM
>
> Signed-off-by: Nam Cao <[email protected]>
> ---
> drivers/staging/rtl8712/os_intfs.c | 3 ++-
> drivers/staging/rtl8712/recv_osdep.h | 8 ++++----
> drivers/staging/rtl8712/rtl8712_recv.c | 7 ++++---
> drivers/staging/rtl8712/rtl871x_recv.c | 13 +++++++++----
> 4 files changed, 19 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/staging/rtl8712/os_intfs.c b/drivers/staging/rtl8712/os_intfs.c
> index 003e97205124..47d7d998fa86 100644
> --- a/drivers/staging/rtl8712/os_intfs.c
> +++ b/drivers/staging/rtl8712/os_intfs.c
> @@ -309,7 +309,8 @@ int r8712_init_drv_sw(struct _adapter *padapter)
> if (ret)
> return ret;
> _r8712_init_xmit_priv(&padapter->xmitpriv, padapter);
> - _r8712_init_recv_priv(&padapter->recvpriv, padapter);
> + ret = _r8712_init_recv_priv(&padapter->recvpriv, padapter);
> + return ret;
If statement missing.
> memset((unsigned char *)&padapter->securitypriv, 0,
> sizeof(struct security_priv));
> timer_setup(&padapter->securitypriv.tkip_timer,
regards,
dan carpenter
On Tue, Oct 25, 2022 at 09:57:38AM +0300, Dan Carpenter wrote:
> On Mon, Oct 24, 2022 at 11:24:07PM +0200, Nam Cao wrote:
> > The function _r8712_init_recv_priv() and also r8712_init_recv_priv()
> > just returns silently if they fail to allocate memory. Change their
> > return type to int and add necessary checks and handling if they return
> > -ENOMEM
> >
> > Signed-off-by: Nam Cao <[email protected]>
> > ---
> > drivers/staging/rtl8712/os_intfs.c | 3 ++-
> > drivers/staging/rtl8712/recv_osdep.h | 8 ++++----
> > drivers/staging/rtl8712/rtl8712_recv.c | 7 ++++---
> > drivers/staging/rtl8712/rtl871x_recv.c | 13 +++++++++----
> > 4 files changed, 19 insertions(+), 12 deletions(-)
> >
> > diff --git a/drivers/staging/rtl8712/os_intfs.c b/drivers/staging/rtl8712/os_intfs.c
> > index 003e97205124..47d7d998fa86 100644
> > --- a/drivers/staging/rtl8712/os_intfs.c
> > +++ b/drivers/staging/rtl8712/os_intfs.c
> > @@ -309,7 +309,8 @@ int r8712_init_drv_sw(struct _adapter *padapter)
> > if (ret)
> > return ret;
> > _r8712_init_xmit_priv(&padapter->xmitpriv, padapter);
> > - _r8712_init_recv_priv(&padapter->recvpriv, padapter);
> > + ret = _r8712_init_recv_priv(&padapter->recvpriv, padapter);
> > + return ret;
>
> If statement missing.
Probably a rebase mistake, the if statement is there in the last patch.
Will send a v2 nonetheless, thank you for noticing this.
Best regards,
Nam