From: Toke Høiland-Jørgensen
To: Fedor Pchelkin, Kalle Valo
Cc: Fedor Pchelkin, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Zekun Shen, Joe Perches, "John W. Linville", linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Alexey Khoroshilov, lvc-project@linuxtesting.org
Subject: Re: [PATCH] wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
In-Reply-To: <20221228224008.146343-1-pchelkin@ispras.ru>
Date: Mon, 02 Jan 2023 11:52:05 +0100
Message-ID: <87h6x95huy.fsf@toke.dk>
X-Mailing-List: linux-wireless@vger.kernel.org

Fedor Pchelkin writes:

> Syzkaller detected a memory leak of skbs in ath9k_hif_usb_rx_stream().
> While processing skbs in ath9k_hif_usb_rx_stream(), the already allocated
> skbs in skb_pool are not freed if ath9k_hif_usb_rx_stream() fails. If we
> have an incorrect pkt_len or pkt_tag, the skb is dropped and all the
> associated skb_pool buffers should be cleaned, too.
>
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
>
> Fixes: 6ce708f54cc8 ("ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream")
> Fixes: 44b23b488d44 ("ath9k: hif_usb: Reduce indent 1 column")
> Signed-off-by: Fedor Pchelkin
> Signed-off-by: Alexey Khoroshilov

Is this the same issue reported in
https://lore.kernel.org/r/000000000000f3e5f805f133d3f7@google.com ? If
so, could you please tag the patch appropriately?

-Toke