diff mbox series

wifi: ath12k: fix leaking michael_mic for non-primary links

Message ID 20241206054552.177424-1-quic_bqiang@quicinc.com (mailing list archive)
State Accepted
Delegated to: Jeff Johnson
Headers show
Series wifi: ath12k: fix leaking michael_mic for non-primary links | expand

Commit Message

Baochen Qiang Dec. 6, 2024, 5:45 a.m. UTC
In ath12k_dp_rx_peer_frag_setup(), commit ea4192553850 ("wifi: ath12k: add primary
link for data path operations") checks whether a link is the primary link, and
returns directly if it isn't. In ML scenario where we have non-primary links created,
this results in leaking the michael_mic info since it is allocated by default but
could never be freed for a non-primary link.

Note that we can not move the might-sleep allocation after primary link check since
there we are in atomic context (due to spin lock). So keep the default allocation,
and then free it before return to fix this issue.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Fixes: ea4192553850 ("wifi: ath12k: add primary link for data path operations")
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
---
 drivers/net/wireless/ath/ath12k/dp_rx.c | 1 +
 1 file changed, 1 insertion(+)


base-commit: 3b2ab397d31f926523f2781d7f0a14a387415bf4

Comments

Jeff Johnson Dec. 6, 2024, 8:48 p.m. UTC | #1
On 12/5/2024 9:45 PM, Baochen Qiang wrote:
> In ath12k_dp_rx_peer_frag_setup(), commit ea4192553850 ("wifi: ath12k: add primary
> link for data path operations") checks whether a link is the primary link, and
> returns directly if it isn't. In ML scenario where we have non-primary links created,
> this results in leaking the michael_mic info since it is allocated by default but
> could never be freed for a non-primary link.
> 
> Note that we can not move the might-sleep allocation after primary link check since
> there we are in atomic context (due to spin lock). So keep the default allocation,
> and then free it before return to fix this issue.
> 
> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
> 
> Fixes: ea4192553850 ("wifi: ath12k: add primary link for data path operations")
> Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>

Acked-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Kalle Valo Dec. 9, 2024, 3:37 p.m. UTC | #2
Baochen Qiang <quic_bqiang@quicinc.com> writes:

> In ath12k_dp_rx_peer_frag_setup(), commit ea4192553850 ("wifi: ath12k: add primary
> link for data path operations") checks whether a link is the primary link, and
> returns directly if it isn't. In ML scenario where we have non-primary links created,
> this results in leaking the michael_mic info since it is allocated by default but
> could never be freed for a non-primary link.
>
> Note that we can not move the might-sleep allocation after primary link check since
> there we are in atomic context (due to spin lock). So keep the default allocation,
> and then free it before return to fix this issue.
>
> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
>
> Fixes: ea4192553850 ("wifi: ath12k: add primary link for data path operations")
> Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>

Acked-by: Kalle Valo <kvalo@kernel.org>
Jeff Johnson Dec. 11, 2024, 5:20 p.m. UTC | #3
On Fri, 06 Dec 2024 13:45:52 +0800, Baochen Qiang wrote:
> In ath12k_dp_rx_peer_frag_setup(), commit ea4192553850 ("wifi: ath12k: add primary
> link for data path operations") checks whether a link is the primary link, and
> returns directly if it isn't. In ML scenario where we have non-primary links created,
> this results in leaking the michael_mic info since it is allocated by default but
> could never be freed for a non-primary link.
> 
> Note that we can not move the might-sleep allocation after primary link check since
> there we are in atomic context (due to spin lock). So keep the default allocation,
> and then free it before return to fix this issue.
> 
> [...]

Applied, thanks!

[1/1] wifi: ath12k: fix leaking michael_mic for non-primary links
      commit: 02f41c8aa643b0d329ee9fa3f3341919bf86b759

Best regards,
diff mbox series

Patch

diff --git a/drivers/net/wireless/ath/ath12k/dp_rx.c b/drivers/net/wireless/ath/ath12k/dp_rx.c
index b24d1de4aabb..f8e79eff2089 100644
--- a/drivers/net/wireless/ath/ath12k/dp_rx.c
+++ b/drivers/net/wireless/ath/ath12k/dp_rx.c
@@ -2830,6 +2830,7 @@  int ath12k_dp_rx_peer_frag_setup(struct ath12k *ar, const u8 *peer_mac, int vdev
 
 	if (!peer->primary_link) {
 		spin_unlock_bh(&ab->base_lock);
+		crypto_free_shash(tfm);
 		return 0;
 	}