| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <55fad8d1-ab4f-48b8-8712-24664a6bab2c@oss.qualcomm.com>
Date: Tue, 20 Jan 2026 10:52:54 +0800
From: Baochen Qiang <baochen.qiang@....qualcomm.com>
To: Zilin Guan <zilin@....edu.cn>, jjohnson@...nel.org
Cc: linux-wireless@...r.kernel.org, ath11k@...ts.infradead.org,
linux-kernel@...r.kernel.org, jianhao.xu@....edu.cn
Subject: Re: [PATCH] wifi: ath11k: fix memory leaks in beacon template setup
On 1/20/2026 12:05 AM, Zilin Guan wrote:
> The functions ath11k_mac_setup_bcn_tmpl_ema() and
> ath11k_mac_setup_bcn_tmpl_mbssid() allocate memory for beacon templates
> but fail to free it when parameter setup returns an error.
>
> Since beacon templates must be released during normal execution, they
> must also be released in the error handling paths to prevent memory
> leaks.
>
> Fix this by adding the missing deallocation calls in the respective
> error paths.
>
> Compile tested only. Issue found using a prototype static analysis tool
> and code review.
>
> Fixes: 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template")
> Fixes: 335a92765d30 ("wifi: ath11k: MBSSID beacon support")
> Signed-off-by: Zilin Guan <zilin@....edu.cn>
> ---
> drivers/net/wireless/ath/ath11k/mac.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
> index 4dfd08b58416..005cc81a3244 100644
> --- a/drivers/net/wireless/ath/ath11k/mac.c
> +++ b/drivers/net/wireless/ath/ath11k/mac.c
> @@ -1561,8 +1561,10 @@ static int ath11k_mac_setup_bcn_tmpl_ema(struct ath11k_vif *arvif,
> }
>
> if (tx_arvif == arvif) {
> - if (ath11k_mac_set_vif_params(tx_arvif, beacons->bcn[0].skb))
> + if (ath11k_mac_set_vif_params(tx_arvif, beacons->bcn[0].skb)) {
> + ieee80211_beacon_free_ema_list(beacons);
> return -EINVAL;
> + }
> } else {
> arvif->wpaie_present = tx_arvif->wpaie_present;
> }
> @@ -1623,9 +1625,9 @@ static int ath11k_mac_setup_bcn_tmpl_mbssid(struct ath11k_vif *arvif,
>
> if (tx_arvif == arvif) {
> if (ath11k_mac_set_vif_params(tx_arvif, bcn))
> - return -EINVAL;
> + goto err;
> } else if (!ath11k_mac_set_nontx_vif_params(tx_arvif, arvif, bcn)) {
> - return -EINVAL;
> + goto err;
> }
>
> ret = ath11k_wmi_bcn_tmpl(ar, arvif->vdev_id, &offs, bcn, 0);
> @@ -1636,6 +1638,10 @@ static int ath11k_mac_setup_bcn_tmpl_mbssid(struct ath11k_vif *arvif,
> ret);
>
> return ret;
> +
> +err:
> + kfree_skb(bcn);
> + return -EINVAL;
> }
>
below would be better?
@@ -1622,19 +1622,21 @@ static int ath11k_mac_setup_bcn_tmpl_mbssid(struct ath11k_vif *arvif,
}
if (tx_arvif == arvif) {
- if (ath11k_mac_set_vif_params(tx_arvif, bcn))
- return -EINVAL;
+ if (ath11k_mac_set_vif_params(tx_arvif, bcn)) {
+ ret = -EINVAL;
+ goto free;
+ }
} else if (!ath11k_mac_set_nontx_vif_params(tx_arvif, arvif, bcn)) {
- return -EINVAL;
+ ret = -EINVAL;
+ goto free;
}
ret = ath11k_wmi_bcn_tmpl(ar, arvif->vdev_id, &offs, bcn, 0);
- kfree_skb(bcn);
-
if (ret)
ath11k_warn(ab, "failed to submit beacon template command: %d\n",
ret);
-
+free:
+ kfree_skb(bcn);
return ret;
}
> static int ath11k_mac_setup_bcn_tmpl(struct ath11k_vif *arvif)
Powered by blists - more mailing lists