lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Sat, 30 Jan 2016 18:15:40 +0100
From:	Andrea Merello <andrea.merello@...il.com>
To:	Jia-Ju Bai <baijiaju1990@....com>
Cc:	Larry Finger <Larry.Finger@...inger.net>,
	Michael Wu <flamingice@...rmilk.net>, kvalo@...eaurora.org,
	Linux Wireless List <linux-wireless@...r.kernel.org>,
	netdev@...r.kernel.org
Subject: Re: [PATCH resend] rtl818x_pci: Fix a memory leak in rtl8180_init_rx_ring

Thanks for pointing this out!

At a first look I'd propose to merge the two identical
pci_fee_consistent() in a single one, and place it in an error exit
path at the end of function.

BTW, looking at the code, it seems there is another leak here that
your patch does not address: we still leaks allocated (and dma-mapped)
skbs.

Indeed we probably need to rework error handling in this piece of code..

Andrea

On Sat, Jan 16, 2016 at 2:07 PM, Jia-Ju Bai <baijiaju1990@....com> wrote:
> When dev_alloc_skb or pci_dma_mapping_error in rtl8180_init_rx_ring fails,
> the memory allocated by pci_zalloc_consistent is not freed.
>
> This patch fixes the bug by adding pci_free_consistent
> in error handling code.
>
> Signed-off-by: Jia-Ju Bai <baijiaju1990@....com>
> ---
>  drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c |    4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c b/drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c
> index a43a16f..28479b1 100644
> --- a/drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c
> +++ b/drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c
> @@ -1018,6 +1018,8 @@ static int rtl8180_init_rx_ring(struct ieee80211_hw *dev)
>                 dma_addr_t *mapping;
>                 entry = priv->rx_ring + priv->rx_ring_sz*i;
>                 if (!skb) {
> +                       pci_free_consistent(priv->pdev, priv->rx_ring_sz * 32,
> +                                       priv->rx_ring, priv->rx_ring_dma);
>                         wiphy_err(dev->wiphy, "Cannot allocate RX skb\n");
>                         return -ENOMEM;
>                 }
> @@ -1028,6 +1030,8 @@ static int rtl8180_init_rx_ring(struct ieee80211_hw *dev)
>
>                 if (pci_dma_mapping_error(priv->pdev, *mapping)) {
>                         kfree_skb(skb);
> +                       pci_free_consistent(priv->pdev, priv->rx_ring_sz * 32,
> +                                       priv->rx_ring, priv->rx_ring_dma);
>                         wiphy_err(dev->wiphy, "Cannot map DMA for RX skb\n");
>                         return -ENOMEM;
>                 }
> --
> 1.7.9.5
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ