From: Your Name
Date: Thu, 13 Jul 2023 19:35:51 +0200
To: Larry Finger
Cc: gregkh@linuxfoundation.org, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org, syzbot+cf71097ffb6755df8251@syzkaller.appspotmail.com, stable@vger.kernel.org
Subject: Re: [PATCH] staging: 7811: Fix memory leak in _r8712_init_xmit_priv
In-Reply-To: <20230712205733.29794-1-Larry.Finger@lwfinger.net>

On Wed, Jul 12, 2023 at 03:57:32PM -0500, Larry Finger wrote:
> In the above mentioned routine, memory is allocated in several places.
> If the first succeeds and a later one fails, the routine will leak memory.
> Fixes commit 2865d42c78a9 ("staging: r8712u: Add the new driver to the
> mainline kernel").
>
> Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel")
> Reported-by: syzbot+cf71097ffb6755df8251@syzkaller.appspotmail.com
> Cc: stable@vger.kernel.org
> Signed-off-by: Larry Finger
> ---
> drivers/staging/rtl8712/rtl871x_xmit.c | 19 ++++++++++++-------
> 1 file changed, 12 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/staging/rtl8712/rtl871x_xmit.c b/drivers/staging/rtl8712/rtl871x_xmit.c > index 090345bad223..16b815588b97 100644 > --- a/drivers/staging/rtl8712/rtl871x_xmit.c > +++ b/drivers/staging/rtl8712/rtl871x_xmit.c
> @@ -117,11 +117,8 @@ int _r8712_init_xmit_priv(struct xmit_priv *pxmitpriv, > _init_queue(&pxmitpriv->pending_xmitbuf_queue); > pxmitpriv->pallocated_xmitbuf = > kmalloc(NR_XMITBUFF * sizeof(struct xmit_buf) + 4, GFP_ATOMIC); > - if (!pxmitpriv->pallocated_xmitbuf) { > - kfree(pxmitpriv->pallocated_frame_buf); > - pxmitpriv->pallocated_frame_buf = NULL; > - return -ENOMEM; > - } > + if (!pxmitpriv->pallocated_xmitbuf) > + goto clean_up_frame_buf; > pxmitpriv->pxmitbuf = pxmitpriv->pallocated_xmitbuf + 4 - > ((addr_t)(pxmitpriv->pallocated_xmitbuf) & 3); > pxmitbuf = (struct xmit_buf *)pxmitpriv->pxmitbuf; > @@ -130,12 +127,12 @@ int _r8712_init_xmit_priv(struct xmit_priv *pxmitpriv, > pxmitbuf->pallocated_buf = > kmalloc(MAX_XMITBUF_SZ + XMITBUF_ALIGN_SZ, GFP_ATOMIC); > if (!pxmitbuf->pallocated_buf) > - return -ENOMEM; > + goto clean_up_xmit_buf; > pxmitbuf->pbuf = pxmitbuf->pallocated_buf + XMITBUF_ALIGN_SZ - > ((addr_t) (pxmitbuf->pallocated_buf) & > (XMITBUF_ALIGN_SZ - 1)); > if (r8712_xmit_resource_alloc(padapter, pxmitbuf)) > - return -ENOMEM; > + goto clean_up_xmit_buf; > list_add_tail(&pxmitbuf->list, > &(pxmitpriv->free_xmitbuf_queue.queue)); > pxmitbuf++; > @@ -146,6 +143,14 @@ int _r8712_init_xmit_priv(struct xmit_priv *pxmitpriv, > init_hwxmits(pxmitpriv->hwxmits, pxmitpriv->hwxmit_entry); > tasklet_setup(&pxmitpriv->xmit_tasklet, r8712_xmit_bh); > return 0; > + > +clean_up_xmit_buf: > + kfree(pxmitbuf->pallocated_xmitbuf); > + pxmitbuf->pallocated_buf = NULL;

The allocation was done in a loop. Shouldn't memory from previous loop iterations also be freed?

And allocation by r8712_xmit_resource_alloc() should be freed too.

Best regards,
Nam
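
Review bot: In the @@ -130,12 +127,12 @@ hunk, both goto clean_up_xmit_buf sites can be reached after earlier iterations have already run list_add_tail() and pxmitbuf++, so the label only sees the entry that failed. Entries already placed on free_xmitbuf_queue still hold their pallocated_buf and whatever r8712_xmit_resource_alloc() set up for them. Suggest keeping the loop index in the error path (or walking back from pxmitbuf to pxmitpriv->pxmitbuf) and undoing each completed entry before the array itself is freed.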
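
Review bot: At the clean_up_xmit_buf label in the last hunk, kfree(pxmitbuf->pallocated_xmitbuf) names a member that every other visible line reaches through pxmitpriv, while the per-entry allocation on pxmitbuf is pallocated_buf. As quoted, the following line sets pxmitbuf->pallocated_buf to NULL without that pointer having been passed to kfree, so on the r8712_xmit_resource_alloc() failure path the buffer just allocated for the current entry is dropped rather than released. Suggest kfree(pxmitbuf->pallocated_buf) for the current entry, and a single kfree(pxmitpriv->pallocated_xmitbuf) after the per-entry cleanup is done.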