| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Jun 2019 15:33:35 -0700
From: Eric Biggers <ebiggers@...gle.com>
To: Pavel Machek <pavel@...x.de>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, stable@...r.kernel.org,
syzbot+7fddca22578bc67c3fe4@...kaller.appspotmail.com,
Johannes Berg <johannes.berg@...el.com>
Subject: Re: [PATCH 4.19 84/90] cfg80211: fix memory leak of wiphy device name
On Tue, Jun 25, 2019 at 11:51:36PM +0200, Pavel Machek wrote:
> Hi!
>
> > From: Eric Biggers <ebiggers@...gle.com>
> >
> > commit 4f488fbca2a86cc7714a128952eead92cac279ab upstream.
> >
> > In wiphy_new_nm(), if an error occurs after dev_set_name() and
> > device_initialize() have already been called, it's necessary to call
> > put_device() (via wiphy_free()) to avoid a memory leak.
> ....
> > --- a/net/wireless/core.c
> > +++ b/net/wireless/core.c
> > @@ -498,7 +498,7 @@ use_default_name:
> > &rdev->rfkill_ops, rdev);
> >
> > if (!rdev->rfkill) {
> > - kfree(rdev);
> > + wiphy_free(&rdev->wiphy);
> > return NULL;
> > }
>
> Is kfree(rdev) still neccessary?
> drivers/net/wireless/marvell/libertas/cfg.c seems to suggest so.
>
No, because it's freed by:
wiphy_free()
=> put_device()
=> wiphy_dev_release()
=> cfg80211_dev_free()
=> kfree(rdev)
drivers/net/wireless/marvell/libertas/cfg.c is different because there the
struct wiphy is separately allocated from the struct wireless_dev that's being
freed afterwards.
- Eric
Powered by blists - more mailing lists