From patchwork Fri Feb 2 16:42:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?SsOpcsO0bWUgUG91aWxsZXI=?= X-Patchwork-Id: 13543155 X-Patchwork-Delegate: kvalo@adurom.com Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2111.outbound.protection.outlook.com [40.107.223.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 38EF9148314; Fri, 2 Feb 2024 16:42:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.111 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706892158; cv=fail; b=qb8u0Ad+3Ci8Dog8Z0SvSKu4Ef8gstAHIKx937YUAhVR8JdrNoJYozHRLMqXYIXXQY6dk2s5JO+yMUC/Am1npZEmQPj+uzwtdfpj+hLU4qpsq6nyonr1NW+t+xfS5CSnrslxtMVgN4ZCcmVWWSQxg47t8k65YJT/TW7XDuB/ANQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706892158; c=relaxed/simple; bh=qBJ2JApTIZg3cxwUYvY1ZnDllIOHGiRP35QKsIy1VEA=; h=From:To:Cc:Subject:Date:Message-Id:Content-Type:MIME-Version; b=I2gq5N4ypCZjb+0kDmDLNkcVvUa71XZfeLmkGeIHIBR6DMkIdWagn2W0t1zpe2tBTSB3o8g4MRhP02LdTzIuWt+Kp/AwDdpXwRG7n+PL3KQyvoavoMMyyTOZPQDUgi4E915JZGH4/LJlppo9lsqRwpl6bYKjeUdOCCkhFtP//2o= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=silabs.com; spf=pass smtp.mailfrom=silabs.com; dkim=pass (1024-bit key) header.d=silabs.com header.i=@silabs.com header.b=BZ/82imj; arc=fail smtp.client-ip=40.107.223.111 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=silabs.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=silabs.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=silabs.com header.i=@silabs.com header.b="BZ/82imj" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fZcDr0d0yYwj8eiCH56rBjQvrF+05TTT89uTiw4ucIvkyhtBWKpvUfuvnkvHnqp/p+dSj8+ybXpMtWmpRgeoQV+OZ7hbGlhzcPsuGiv8tSoUn6plNdXq0Rz5Pp/CZb4Apv7Qmhzv2kCiKBfCFTh/mNVlQk3JZ2wFl/RF2cYyTuxE8WfT2+bnZC0m6h6AiWWNDCUAcaBNhwBSvWIUJbvKdjIZF9Ho5Ut7m9V8OHLf/BWZkPDnDICVgoxSetYbjttiIgbBzRtcEdmwzduAlgYrR7NpMxk+ZRd7CM4yKdiAO5jSjO3VlpwrRB2yVfd/f1cZVcl3JyhXWctDBoi+vfn6UA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qBJ2JApTIZg3cxwUYvY1ZnDllIOHGiRP35QKsIy1VEA=; b=UoENP4zJBPuhn/CbRC4a8g56PLF4iG9iAzCBVGDTXo/qFyahOG+mw+RT9j23MKc6urFT5qoceuKPO0ZdbiTt6j03C7JhO6bnqNDLMOCUAINlmocxjAO1jpVqBndbRkmWTWRRVOWg+lRUyocFn7xvzc2XOVOHiqY3tJYPNWROYaJeaFTN/4YGJKdFNvxQYrWZuP6k2XGQ8uOoVB4rKSmo0zNBFN7l1Yhe8HnhazB7Jr9030B8Z6lnVkKyZeY1eKMyFdlmUNy4AfEHzxmqRRB5vxjm/znpf62RUzapGYtjwIhAyrvuuXdVg6aj/IbGxZtZhRtrqTD79OTP3izKi4mjpg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=silabs.com; dmarc=pass action=none header.from=silabs.com; dkim=pass header.d=silabs.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=silabs.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qBJ2JApTIZg3cxwUYvY1ZnDllIOHGiRP35QKsIy1VEA=; b=BZ/82imj0tf0++Qg834QunLPQ5P1raWpgHQPS1VwdMl9l9AWuEMPa0ZrUlJXucKXkbSE00HXNb0JUlEc9NZxgGiPMSJ51B7RoLLWCYPuit/I18ccG2Ctq9TTdh/ftflEngYCPTtW92bx+aUBk/I7JSDo6ag6taBhoBQWW8+jma4= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=silabs.com; Received: from IA1PR11MB7773.namprd11.prod.outlook.com (2603:10b6:208:3f0::21) by PH0PR11MB5173.namprd11.prod.outlook.com (2603:10b6:510:39::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.26; Fri, 2 Feb 2024 16:42:33 +0000 Received: from IA1PR11MB7773.namprd11.prod.outlook.com ([fe80::f9c5:aaf6:b3e7:ddcf]) by IA1PR11MB7773.namprd11.prod.outlook.com ([fe80::f9c5:aaf6:b3e7:ddcf%7]) with mapi id 15.20.7249.027; Fri, 2 Feb 2024 16:42:33 +0000 From: =?utf-8?b?SsOpcsO0bWUgUG91aWxsZXI=?= To: linux-wireless@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Kalle Valo , linux-devel@silabs.com, =?utf-8?b?SsOpcsO0bWUgUG91aWxsZXI=?= , Ulrich Mohr Subject: [PATCH] wifi: wfx: fix memory leak when starting AP Date: Fri, 2 Feb 2024 17:42:13 +0100 Message-Id: <20240202164213.1606145-1-jerome.pouiller@silabs.com> X-Mailer: git-send-email 2.39.2 X-ClientProxiedBy: PR3P251CA0005.EURP251.PROD.OUTLOOK.COM (2603:10a6:102:b5::12) To IA1PR11MB7773.namprd11.prod.outlook.com (2603:10b6:208:3f0::21) Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: IA1PR11MB7773:EE_|PH0PR11MB5173:EE_ X-MS-Office365-Filtering-Correlation-Id: ae0b9ebd-fc36-4065-115e-08dc240df42b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lDEQkH6ded3+pqa57EsqGH5IBEJ1SWZE2tTJr/0IjY/qGuiLY5CPf84+uQOo4IxKjwgiiY/7QkEKIiSMw1oVESk/R9+JMWCcXBV/Zu6GSoPQJE+S7wHKBVfrOg+5SUF0jRXWEpbW7yMdAGFnzLxa7IJU/72+Iayw9h3ZUklSIv/OkzSa0QL0fa+rR+aJ98qvBon9C8GSYe32QP5ik0AjdOC8ure8rEBXIJ+0H6ys4PmRDPOjRcQrmTyO1Su8DQHP0il7v7RqGeX//U9IXqKKTc43OoiiSmzpmVSpg6dGjM6Gqsi28WyAJdDPfgiLdJPDBZRk+/4p0plfvq42bCKEbHy0uIrddJ6jQOVOVonhRd8hXo9BTi1hKX5p0fqGXZNrectq7+R7lrrW2ttr/RhAv9wC/H+h4zr2Q8t9ZbX9RGaiif0ybOSsEoGyxe88aqbC1w7Vm8NEfCCjqf4egT6XGA+nQfe38yNxUuzcWnf9cMYBDQ6U2TRqoVGIMtAxLKVs/KjVdH2IFUahXQ9ZF0ic0JTaW8YLf2aFFfxTQ0wrFGSXiynCdSuLqlJivFYcekdQ5KlWITWbS2V9Om7yNi507wWQdIzCbIUWdwJbPFXhk+hByAAHfJoUB6l+WKKZQ8ETMI9odulx7/h7iUTMkIISYA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA1PR11MB7773.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(39850400004)(136003)(366004)(346002)(396003)(376002)(230922051799003)(64100799003)(186009)(1800799012)(451199024)(83380400001)(36756003)(41300700001)(86362001)(38350700005)(8676002)(54906003)(38100700002)(1076003)(6512007)(2616005)(26005)(66476007)(2906002)(8936002)(6506007)(478600001)(6916009)(6486002)(66556008)(316002)(5660300002)(6666004)(66946007)(52116002)(4326008)(505234007);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?ouKXtzg2sw5Qf4NG2pUjZdcrQ58Z?= =?utf-8?q?ZsVz3cMWJHKQjx09LGRKPWEG+WaIWf05wY1hj/+KqaOD0f7y7x2CicvEAKcFOl6ED?= =?utf-8?q?d1AXZNr7imtLAyLfINNxlPXfBpKuzb475O2UT68xGMVnSI9eXYbQz2gbNXOKS3nk0?= =?utf-8?q?Bq1Qs+kHs4IXqItgOYXdUg4kNuOpydYp0Y36oCAn0g/3TUlSZiRSz3/PP0/mxNolV?= =?utf-8?q?nknQgtNa9+QKQoKKzodw35vpjeFDEmXgGlKskHmf71kFVk9JHPkIlYhqgOmT/ytnu?= =?utf-8?q?AsaZO+6jzLVoqthgvr1vd9MR8lekARxkd/JjBcUohp4Yiw9MtjFkC3jElA7ZxfE22?= =?utf-8?q?bUUHJYlKcx28m5BHk5FyOFO92ypGfWk6992bCytSFvxgTlUZgWP/kGz3aJ22XnlhP?= =?utf-8?q?QBL8Pvd5GjrkKdKV8lEMcBZA6y/u+4Vuwc49E9IIwo6N9HJ93asMc0agbaeEGoXbE?= =?utf-8?q?WIm5mYW5W5ie9b0nDK9erUOxwPY6AmOpva0HPL516n6xUp5GNbYc2WCnbbcvy2UwV?= =?utf-8?q?fAmtCoIlqJ6c3l1GlTsZAEXxV89jpa1IpyfzNCAJxNEX59ritbbgewCsRJ8MspEii?= =?utf-8?q?hgK2QjiilfmjQKdDc+j3zRctiMPxuEZT7HsJK+xBjQLvccjkGcZjn/NgrXANjLDX+?= =?utf-8?q?DUea1WiWW958txb/QPsjafr00HtYu3Ax59gesm4TRfl7wFlWzOcJivud8CTlmVxOs?= =?utf-8?q?EAeZWYgxlOiNSWgc7B/xMW6FA8xXjG9Xr+qbupA9+CavEeEM33uiTUbS/MmoYK0XM?= =?utf-8?q?Ekk9IbTlnvO3XV+/+Z1GarHGVVa+lByRIeQg7RmMu2osVPxz6t/xXjKHChoFjo8R3?= =?utf-8?q?b4e+L5smLmNEwmvv/MBuX2skr9MZbfM2/s8qQJTIw9HSrJBMGENFhDTP5Lr041KjW?= =?utf-8?q?MZf7+hs4OBmZLrDdNiYbkSe7OsT202YwBPTTK6Ujr75YzLsJMBIsgrUEdMDODfqGG?= =?utf-8?q?TlN/e2M+SQyD9eB0pQ126DwUI6d9x1qwKqEXBo+ZvQfN6NFmSZ0UhMoSB34/QtLA9?= =?utf-8?q?b7W2FOojbbi7WYdIVakojNAHmz28de4XRAyJ+6MoMJfroBhfSb0gTVyCAFn2E7nxG?= =?utf-8?q?CDbkstjZno4I45KAXu7Ry5Ai3b5DHsOB5KDeGWQO91ipc0N18mPblnUdlkTcQBOAv?= =?utf-8?q?JM5CJNpNcwXw7xksz/fMiopU8blDKcXRS+ZzspluxCbVfqDBb2ZeLuC4YkqxuYJQD?= =?utf-8?q?R1GMQsI9mdt0u4rDOfGvlEJzw9w74rqBOjfNDvr21WaAPBs2Xyt2c4/PSO3d+mvFQ?= =?utf-8?q?GUr9K510PAmWM+Ls+Fe40UoXAiuF/oFMHrPUz/4ehY1D1zM/LtpAhIhDnR43ml2Uc?= =?utf-8?q?A+mKriSI90y112t4Ac22TG124C+RahTAXTTHD2zRDjizXi499t+cKHsIteza/bGKm?= =?utf-8?q?hAK8yHag/GidxSDdrHUpYLNWcDdrU90gsM2bJiURBPgvl4ot+vUC27pZIOcZ2J6y/?= =?utf-8?q?JVihKWWY5g5ZgMx1YW8OsJnbuCf2ZoiG4JSWf8sjQOY1SPSgvIrl6ThjkfyI3YyR6?= =?utf-8?q?q/eRxP/9fKld?= X-OriginatorOrg: silabs.com X-MS-Exchange-CrossTenant-Network-Message-Id: ae0b9ebd-fc36-4065-115e-08dc240df42b X-MS-Exchange-CrossTenant-AuthSource: IA1PR11MB7773.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Feb 2024 16:42:33.0542 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 54dbd822-5231-4b20-944d-6f4abcd541fb X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: OEk2NKJB1ltqMnyDeNP1VufoB4U/AAohbxDrvcStLeCJpNbZyPL83Pbqmgmu4UcjuFT05DtrnbMUGOBgkZLUvQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5173 Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ backtrace: [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac [<127bdd74>] __alloc_skb+0x144/0x170 [] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] ___sys_sendmsg+0x80/0xb4 [<69954f45>] __sys_sendmsg+0x64/0xa8 unreferenced object 0xce087000 (size 1024): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.246s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ backtrace: [<9a993714>] __kmalloc_track_caller+0x230/0x600 [] kmalloc_reserve.constprop.0+0x30/0x74 [] __alloc_skb+0xa0/0x170 [] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] ___sys_sendmsg+0x80/0xb4 However, since the kernel is build optimized, it seems the stack is not accurate. It appears the issue is related to wfx_set_mfp_ap(). The issue is obvious in this function: memory allocated by ieee80211_beacon_get() is never released. Fixing this leak makes kmemleak happy. Reported-by: Ulrich Mohr Co-developed-by: Ulrich Mohr Signed-off-by: Ulrich Mohr Fixes: 268bceec1684 ("staging: wfx: fix BA when device is AP and MFP is enabled") Signed-off-by: Jérôme Pouiller --- drivers/net/wireless/silabs/wfx/sta.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/silabs/wfx/sta.c b/drivers/net/wireless/silabs/wfx/sta.c index 537caf9d914a7..bb4446b88c12b 100644 --- a/drivers/net/wireless/silabs/wfx/sta.c +++ b/drivers/net/wireless/silabs/wfx/sta.c @@ -344,6 +344,7 @@ static int wfx_set_mfp_ap(struct wfx_vif *wvif) const int pairwise_cipher_suite_count_offset = 8 / sizeof(u16); const int pairwise_cipher_suite_size = 4 / sizeof(u16); const int akm_suite_size = 4 / sizeof(u16); + int ret = -EINVAL; const u16 *ptr; if (unlikely(!skb)) @@ -352,22 +353,26 @@ static int wfx_set_mfp_ap(struct wfx_vif *wvif) ptr = (u16 *)cfg80211_find_ie(WLAN_EID_RSN, skb->data + ieoffset, skb->len - ieoffset); if (unlikely(!ptr)) - return -EINVAL; + goto free_skb; ptr += pairwise_cipher_suite_count_offset; if (WARN_ON(ptr > (u16 *)skb_tail_pointer(skb))) - return -EINVAL; + goto free_skb; ptr += 1 + pairwise_cipher_suite_size * *ptr; if (WARN_ON(ptr > (u16 *)skb_tail_pointer(skb))) - return -EINVAL; + goto free_skb; ptr += 1 + akm_suite_size * *ptr; if (WARN_ON(ptr > (u16 *)skb_tail_pointer(skb))) - return -EINVAL; + goto free_skb; wfx_hif_set_mfp(wvif, *ptr & BIT(7), *ptr & BIT(6)); - return 0; + ret = 0; + +free_skb: + dev_kfree_skb(skb); + return ret; } int wfx_start_ap(struct ieee80211_hw *hw, struct ieee80211_vif *vif,