From patchwork Sun Sep 30 10:53:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Seyfried X-Patchwork-Id: 10621419 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 090A9112B for ; Sun, 30 Sep 2018 10:53:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E037F29717 for ; Sun, 30 Sep 2018 10:53:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CF6D128A13; Sun, 30 Sep 2018 10:53:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7389628A13 for ; Sun, 30 Sep 2018 10:53:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728081AbeI3RZs (ORCPT ); Sun, 30 Sep 2018 13:25:48 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:33222 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727991AbeI3RZs (ORCPT ); Sun, 30 Sep 2018 13:25:48 -0400 Received: by mail-wr1-f66.google.com with SMTP id f10-v6so10730187wrs.0; Sun, 30 Sep 2018 03:53:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=mJIj+pT5+IKq1OG/ATUiq/2hs7M9ynVD6E1diIINKDA=; b=ufIVTLyTzqNmFfSQWaO5wvCXnGBFXen7wD+n7u93V63gdA+6Q1FwVBU7jZM7f6LARi PSeuVUmYElfX+0cxMydGAIMAKAfCDGp0VRhMWXyE6N8RVKTewOu/UUMNeYSwxADtDdkk TLUUS88trt2rY4C1aWVCnXn0929NQXccUzDDeLtIQ4/tSmEARk2jzCVqBlkpuQGhUujK B7O6uyjD4bY9gtLiOo5GC6kHetjGynw/jXeZ7nmt+kovYIk+ZwaNTXU3PvB1d5kJdpa8 OrY7XfUpvTNR4RbtO3j/61TXcjsFJxYvW90aGOoeCY77pDg46QEpEAOR24mo2UHb9Cjp IAeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=mJIj+pT5+IKq1OG/ATUiq/2hs7M9ynVD6E1diIINKDA=; b=DeOedN4HFOALz7bpJoItXe6TuLIWmQN3/VWCQJDScv1h3qWgP54av9H0APMVVuPTWJ U6GdoggvCly0noUZ4mYjfUiEa7J7K/zyYQnyiockS5/E+R1Im92hiGYVnvdBsadpqCcf u862fJUOOJ/QfeJcE6Jo5rjI/YGA5Avt5JIw7MPkZuJIlyyOeoUCLlkXj+gqRdfXgcVU CWeGi4edqrdmCMdrDL01B/ZpXwmzUA6GIV5axycQQgq367y2YJSXVNOo/m9fDeo4xgqp 5fEwAMp1acmdO4cpYAEzn4xBTWmd+rJwOjJq+sgn8n2mUfRrVLu2ROzJ1cljUhe1ynyp /nwg== X-Gm-Message-State: ABuFfohPXo/4yTNBza02OIjH0wc9zMnx8RENve4D/juWiGx3EjT4nehu ibUthoEfcm8YkfQI54a+JzcaWjDR X-Google-Smtp-Source: ACcGV60TI8RzQVCOTFLST6d2U9CgTD/qlvzraEhp+XFYqNGQTCqlNSpR4+Z3gl42lXOeth+cmiU6rg== X-Received: by 2002:adf:ade3:: with SMTP id w90-v6mr3969234wrc.73.1538304794160; Sun, 30 Sep 2018 03:53:14 -0700 (PDT) Received: from strolchi.home.s3e.de (p57B63A04.dip0.t-ipconnect.de. [87.182.58.4]) by smtp.gmail.com with ESMTPSA id j2-v6sm3256299wrw.29.2018.09.30.03.53.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 30 Sep 2018 03:53:13 -0700 (PDT) From: stefan.seyfried@googlemail.com To: linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org Cc: Stefan Seyfried Subject: [PATCH] cfg80211: fix wext-compat memory leak Date: Sun, 30 Sep 2018 12:53:00 +0200 Message-Id: <20180930105300.30797-1-stefan.seyfried@googlemail.com> X-Mailer: git-send-email 2.19.0 MIME-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Stefan Seyfried cfg80211_wext_giwrate and sinfo.pertid might allocate sinfo.pertid via rdev_get_station(), but never release it Signed-off-by: Stefan Seyfried --- net/wireless/wext-compat.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/net/wireless/wext-compat.c b/net/wireless/wext-compat.c index 167f7025ac98..f462336aac1c 100644 --- a/net/wireless/wext-compat.c +++ b/net/wireless/wext-compat.c @@ -1277,12 +1277,16 @@ static int cfg80211_wext_giwrate(struct net_device *dev, err = rdev_get_station(rdev, dev, addr, &sinfo); if (err) return err; - if (!(sinfo.filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE))) return -EOPNOTSUPP; rate->value = 100000 * cfg80211_calculate_bitrate(&sinfo.txrate); + /* sta_set_sinfo(), called from ieee80211_get_station(), called from + * rdev_get_station via rdev->ops->get_station, allocates pertid struct + * which we do not use here. */ + kfree(sinfo.pertid); + return 0; } @@ -1293,7 +1297,7 @@ static struct iw_statistics *cfg80211_wireless_stats(struct net_device *dev) struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); /* we are under RTNL - globally locked - so can use static structs */ static struct iw_statistics wstats; - static struct station_info sinfo; + static struct station_info sinfo = {}; u8 bssid[ETH_ALEN]; if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) @@ -1352,6 +1356,9 @@ static struct iw_statistics *cfg80211_wireless_stats(struct net_device *dev) if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_TX_FAILED)) wstats.discard.retries = sinfo.tx_failed; + /* see cfg80211_wext_giwrate() above */ + kfree(sinfo.pertid); + return &wstats; }