Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp5062885pxb; Mon, 15 Feb 2021 08:32:21 -0800 (PST) X-Google-Smtp-Source: ABdhPJxtc42LK5AwjRwFCSzEO7Tm8yi5J16VfogVe7vZUex1lD5+hZ4vbyKU+tNh3z7xJQJSePqq X-Received: by 2002:a17:907:1b02:: with SMTP id mp2mr16900504ejc.419.1613406740993; Mon, 15 Feb 2021 08:32:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613406740; cv=none; d=google.com; s=arc-20160816; b=DdOsq8GNMPIu1s9Tqti7fhidV/CT+5sn4YqCuT6IFfkMtsr0AmyxrkA4q8qiH3y5ki npBD6imPkgXDlnOhXjGh/JrlbhGKU7vx7RCXP2e1Oz7bzY9vFZ3L5oZyWZxHJULFnOnL YDBEGpF2IKLRKKpPuJ0v4Qu/hnCzhDLBNPd2hpI7L9M3pEOrRB8LuzmBH+wfsX6Ng2Kb mBAaRK1v96S0DXWmvkYoT+WNqT7EzJb5u/znKnaJupSWNgR2rhgE7WF5JpAI3YwyvT4A mkUx5EaPwIGoKLMOrz+6eregIoTKxZbmyXi4hyO8pA3cnyklSivJW8lOdji6zGTUtMt+ Snjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6eAC1fXTsp8I/3S3cNg3Th2myT5O8UIhcV2jvLmRvHc=; b=VxWIcI7b9Z4BCq1kPMfpczFqcFFtYf4E9nZZULOnbTxYZnvGn6iPlVEEOom/pe/24M VbMCtu4w6mZxBsP/M7OulL145JZtIXoq61WZ0jdBQ1GhcutPxlmsUehRrGENwY1UBDxs UFeDxNn1dumk/Ne0NEQPnfxWk4G8LkEf8e7xGDBe4vodWfN42IySkECn/NczW8gcQUQB mLiIMjw1uPVs7qgc3d1JeJxrfNmnJs9zNnzGshfGHOrot4bXsGnf9gZhEBAdheS1nthz HK0V3ShrnYVgrAKzg/2Y+Dy7tKdtbR/LUDSoSVVjNtY7YLw0Wk5urWFu0heIy5KmfbpR 1PwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=tnI+SDvZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v4si16101577edj.37.2021.02.15.08.31.58; Mon, 15 Feb 2021 08:32:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=tnI+SDvZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232347AbhBOQ2i (ORCPT + 99 others); Mon, 15 Feb 2021 11:28:38 -0500 Received: from mail.kernel.org ([198.145.29.99]:49638 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231318AbhBOPhF (ORCPT ); Mon, 15 Feb 2021 10:37:05 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 178C664EDF; Mon, 15 Feb 2021 15:32:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1613403162; bh=d1CUVYk0SC2MJPPsLMtuThawV9TOFuQjU/XcEX12xzA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tnI+SDvZ0hFGgfApVqxFZvpO6NzCP+EG6KKjI5aaXL135dxMrrf3Kix2CT2pOQNCz F+C/USR8dSUVp1TCuy0rJ3iMnG6hnSaotTfyLRY7vOjxO/yz7vV71HEIFAKE78BPMb Sw/bOgWt8rrHeIgco1H0DIDuHpzyb0hMuC0BL1zA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lorenzo Bianconi , Felix Fietkau , Kalle Valo , Sasha Levin Subject: [PATCH 5.10 052/104] mt76: dma: fix a possible memory leak in mt76_add_fragment() Date: Mon, 15 Feb 2021 16:27:05 +0100 Message-Id: <20210215152721.159111487@linuxfoundation.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210215152719.459796636@linuxfoundation.org> References: <20210215152719.459796636@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Lorenzo Bianconi [ Upstream commit 93a1d4791c10d443bc67044def7efee2991d48b7 ] Fix a memory leak in mt76_add_fragment routine returning the buffer to the page_frag_cache when we receive a new fragment and the skb_shared_info frag array is full. Fixes: b102f0c522cf6 ("mt76: fix array overflow on receiving too many fragments for a packet") Signed-off-by: Lorenzo Bianconi Acked-by: Felix Fietkau Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/4f9dd73407da88b2a552517ce8db242d86bf4d5c.1611616130.git.lorenzo@kernel.org Signed-off-by: Sasha Levin --- drivers/net/wireless/mediatek/mt76/dma.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/dma.c b/drivers/net/wireless/mediatek/mt76/dma.c index 145e839fea4e5..917617aad8d3c 100644 --- a/drivers/net/wireless/mediatek/mt76/dma.c +++ b/drivers/net/wireless/mediatek/mt76/dma.c @@ -519,15 +519,17 @@ static void mt76_add_fragment(struct mt76_dev *dev, struct mt76_queue *q, void *data, int len, bool more) { - struct page *page = virt_to_head_page(data); - int offset = data - page_address(page); struct sk_buff *skb = q->rx_head; struct skb_shared_info *shinfo = skb_shinfo(skb); if (shinfo->nr_frags < ARRAY_SIZE(shinfo->frags)) { - offset += q->buf_offset; + struct page *page = virt_to_head_page(data); + int offset = data - page_address(page) + q->buf_offset; + skb_add_rx_frag(skb, shinfo->nr_frags, page, offset, len, q->buf_size); + } else { + skb_free_frag(data); } if (more) -- 2.27.0