2017-09-14 18:17:55

by Larry Finger

[permalink] [raw]
Subject: [PATCH] rtlwifi: rtl8192ee: Fix memory leak when loading firmware

In routine rtl92ee_set_fw_rsvdpagepkt(), the driver allocates an skb, but
never calls rtl_cmd_send_packet(), which will free the buffer. All other
rtlwifi drivers perform this operation correctly.

This problem has been in the driver since it was included in the kernel.
Fortunately, each firmware load only leaks 4 buffers, which likely
explains why it has not previously been detected.

Cc: Stable <[email protected]> # 3.18+
Signed-off-by: Larry Finger <[email protected]>
---
drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c
index 7eae27f8e173..f9563ae301ad 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c
@@ -682,7 +682,7 @@ void rtl92ee_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished)
struct rtl_priv *rtlpriv = rtl_priv(hw);
struct rtl_mac *mac = rtl_mac(rtl_priv(hw));
struct sk_buff *skb = NULL;
-
+ bool rtstatus;
u32 totalpacketlen;
u8 u1rsvdpageloc[5] = { 0 };
bool b_dlok = false;
@@ -768,7 +768,9 @@ void rtl92ee_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished)
skb = dev_alloc_skb(totalpacketlen);
skb_put_data(skb, &reserved_page_packet, totalpacketlen);

- b_dlok = true;
+ rtstatus = rtl_cmd_send_packet(hw, skb);
+ if (rtstatus)
+ b_dlok = true;

if (b_dlok) {
RT_TRACE(rtlpriv, COMP_POWER, DBG_LOUD ,
--
2.12.3


2017-09-20 12:45:00

by Kalle Valo

[permalink] [raw]
Subject: Re: rtlwifi: rtl8192ee: Fix memory leak when loading firmware

Larry Finger <[email protected]> wrote:

> In routine rtl92ee_set_fw_rsvdpagepkt(), the driver allocates an skb, but
> never calls rtl_cmd_send_packet(), which will free the buffer. All other
> rtlwifi drivers perform this operation correctly.
>
> This problem has been in the driver since it was included in the kernel.
> Fortunately, each firmware load only leaks 4 buffers, which likely
> explains why it has not previously been detected.
>
> Cc: Stable <[email protected]> # 3.18+
> Signed-off-by: Larry Finger <[email protected]>

Patch applied to wireless-drivers-next.git, thanks.

519ce2f933fa rtlwifi: rtl8192ee: Fix memory leak when loading firmware

--
https://patchwork.kernel.org/patch/9953677/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches