Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp1210174pxv; Fri, 23 Jul 2021 02:44:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwVRACwWdtvcq59lPD6deXoNeY/nEa9oiAMcvpCb5qNEDj/sGBxkPLRMNH2r10mt5h1s0CA X-Received: by 2002:a05:6402:22cf:: with SMTP id dm15mr4498003edb.280.1627033481039; Fri, 23 Jul 2021 02:44:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627033481; cv=none; d=google.com; s=arc-20160816; b=V9xHiMU1ji2MnJ/GHE/ppPbzEMhVoLBNnRDzR2dZ0jtZMBU/h9UM4/R3J2fvdKMH7u CeBdbPN1iOCKKUbLp6Go7KG8oZ2ovCq3SclT6Tm9KnJttnQcs8Qk1GBj31J7bQz1/kCX OGV8i4qImLWCPYd9QLquS8HEzqD4VxtIiZkzURyeMu5FR3KaM9caBDmAlV0Ry1Y7uBud VNV/0nCFY33sbtVXjHScN+fRMt1uubxBTY8R/LgOsdNdQE9/RAZf3Rn7CcKSpQ1xtDP+ YftFsl2hFXOBvJPt7cYi6FBrQA3DPHuu4DB8QnhZyC9Hiob80Lenc6xAm4LmL1il0adv PQcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=QL92lUyzg90XLPkGnyYRK/cIIOXbUO/VZDi5JxFk4aQ=; b=Onz03ZHjsNpnoq92vTQ2XQOBiSe18fKTQwOC2F9wGYRghk3NBK0o19KFT7sZwdOW+C zWdBZgpuYbOc/2d7i61q5IiOivusYbfgCXmNwpQbE79N3c9aCjBoLu8xi0kFwtZ+Ly/b HMJA3xaUeoJepdYKtB7bi6ZCLVUMBfdidGJveRaEbWkGvDnv2kgt6c1eBYeRZ5vPyrJp ujlZoI/qDG2o9fa94aZAXLRNYV7relQT38S6goe4nzXaj+xsEHUnNnkq1T5MJjqG4SiS keTTTdSRh5vZsU+0nko2frd2/FOWw6b0AQ4YaO9WvD0ZLSfPzp13XASBXWEVLUkY9YP/ iybg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=UvFIjfYU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hx26si5158793ejc.494.2021.07.23.02.44.17; Fri, 23 Jul 2021 02:44:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=UvFIjfYU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231408AbhGWJCQ (ORCPT + 99 others); Fri, 23 Jul 2021 05:02:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231231AbhGWJCP (ORCPT ); Fri, 23 Jul 2021 05:02:15 -0400 Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 77354C061575; Fri, 23 Jul 2021 02:42:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sipsolutions.net; s=mail; h=Content-Transfer-Encoding:MIME-Version: Content-Type:References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-To: Resent-Cc:Resent-Message-ID; bh=QL92lUyzg90XLPkGnyYRK/cIIOXbUO/VZDi5JxFk4aQ=; t=1627033369; x=1628242969; b=UvFIjfYU8BvW5RN2N50q0aLQrge7TE0SXPuq3D72g9CsYBt dvjqdaACHDOWOtk3gGjEuQjRgftzY3o/NU7qzya7xJoEYY4aay1SAih7/knD/cAI5vv7fkBpxJMME xj8oOJHm3pRCCOrRy61gjo7ZcMPkqynQU5bg5q9QN2CpHz5sQJRzeAaU01BR9dHQEAPeesMmcT+kg BcwwX+ae6d2OBBB7nNHPk56/IgRlQUWUvid54j7VAB6iWSxQw0DE9OfZmj/r2D0kWe43aQXbE96lp e7zGptITyorX2awH77SfiO88SDBPRNP4h40/MkRm9qoJWH+1wFYAX84SkKBJx8wg==; Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.94.2) (envelope-from ) id 1m6rf0-000UUq-A6; Fri, 23 Jul 2021 11:42:41 +0200 Message-ID: Subject: Re: [PATCH] cfg80211: free the object allocated in wiphy_apply_custom_regulatory From: Johannes Berg To: Dongliang Mu Cc: Kalle Valo , "David S. Miller" , Jakub Kicinski , Luca Coelho , Ilan Peer , syzbot+1638e7c770eef6b6c0d0@syzkaller.appspotmail.com, linux-wireless@vger.kernel.org, "open list:NETWORKING [GENERAL]" , linux-kernel , Dan Carpenter Date: Fri, 23 Jul 2021 11:42:40 +0200 In-Reply-To: References: <20210723050919.1910964-1-mudongliangabcd@gmail.com> <11ba299b812212a07fe3631b7be0e8b8fd5fb569.camel@sipsolutions.net> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.4 (3.38.4-1.fc33) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-malware-bazaar: not-scanned Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Fri, 2021-07-23 at 17:30 +0800, Dongliang Mu wrote: > if zhao in the thread is right, we don't need to add this free > operation to wiphy_free(). Actually, no, that statement is not true. All that zhao claimed was that the free happens correctly during unregister (or later), and that is indeed true, since it happens from ieee80211_unregister_hw() -> wiphy_unregister() -> wiphy_regulatory_deregister() However, syzbot of course is also correct. Abstracting a bit and ignoring mac80211, the problem is that here we assign it before wiphy_register(), then wiphy_register() doesn't get called or fails, and therefore we don't call wiphy_unregister(), only wiphy_free(). Hence the leak. But you can also easily see from that description that it's not related to hwsim - we should add a secondary round of cleanups in wiphy_free() or even move the call to wiphy_regulatory_deregister() into wiphy_free(), we need to look what else this does to see if we can move it or not. johannes