| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40ccd4fc-33c8-41b5-b68e-4e590a5a6ec5@oss.qualcomm.com>
Date: Tue, 20 Jan 2026 15:19:09 +0800
From: Baochen Qiang <baochen.qiang@....qualcomm.com>
To: Zilin Guan <zilin@....edu.cn>, jjohnson@...nel.org
Cc: linux-wireless@...r.kernel.org, ath11k@...ts.infradead.org,
linux-kernel@...r.kernel.org, jianhao.xu@....edu.cn
Subject: Re: [PATCH v2] wifi: ath11k: fix memory leaks in beacon template
setup
On 1/20/2026 2:37 PM, Zilin Guan wrote:
> The functions ath11k_mac_setup_bcn_tmpl_ema() and
> ath11k_mac_setup_bcn_tmpl_mbssid() allocate memory for beacon templates
> but fail to free it when parameter setup returns an error.
>
> Since beacon templates must be released during normal execution, they
> must also be released in the error handling paths to prevent memory
> leaks.
>
> Fix this by adding the missing deallocation calls in the respective
> error paths.
>
> Compile tested only. Issue found using a prototype static analysis tool
> and code review.
>
> Fixes: 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template")
> Fixes: 335a92765d30 ("wifi: ath11k: MBSSID beacon support")
> Suggested-by: Baochen Qiang <baochen.qiang@....qualcomm.com>
> Signed-off-by: Zilin Guan <zilin@....edu.cn>
> ---
> Changes in v2:
> - Use unified exit paths for cleanup.
>
> drivers/net/wireless/ath/ath11k/mac.c | 25 +++++++++++++++----------
> 1 file changed, 15 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
> index 4dfd08b58416..42edcc5e9e49 100644
> --- a/drivers/net/wireless/ath/ath11k/mac.c
> +++ b/drivers/net/wireless/ath/ath11k/mac.c
> @@ -1561,8 +1561,10 @@ static int ath11k_mac_setup_bcn_tmpl_ema(struct ath11k_vif *arvif,
> }
>
> if (tx_arvif == arvif) {
> - if (ath11k_mac_set_vif_params(tx_arvif, beacons->bcn[0].skb))
> - return -EINVAL;
> + if (ath11k_mac_set_vif_params(tx_arvif, beacons->bcn[0].skb)) {
> + ret = -EINVAL;
> + goto free;
> + }
> } else {
> arvif->wpaie_present = tx_arvif->wpaie_present;
> }
> @@ -1589,11 +1591,11 @@ static int ath11k_mac_setup_bcn_tmpl_ema(struct ath11k_vif *arvif,
> }
> }
>
> - ieee80211_beacon_free_ema_list(beacons);
> -
> if (tx_arvif != arvif && !nontx_vif_params_set)
> - return -EINVAL; /* Profile not found in the beacons */
> + ret = -EINVAL; /* Profile not found in the beacons */
>
> +free:
> + ieee80211_beacon_free_ema_list(beacons);
> return ret;
> }
>
> @@ -1622,19 +1624,22 @@ static int ath11k_mac_setup_bcn_tmpl_mbssid(struct ath11k_vif *arvif,
> }
>
> if (tx_arvif == arvif) {
> - if (ath11k_mac_set_vif_params(tx_arvif, bcn))
> - return -EINVAL;
> + if (ath11k_mac_set_vif_params(tx_arvif, bcn)) {
> + ret = -EINVAL;
> + goto free;
> + }
> } else if (!ath11k_mac_set_nontx_vif_params(tx_arvif, arvif, bcn)) {
> - return -EINVAL;
> + ret = -EINVAL;
> + goto free;
> }
>
> ret = ath11k_wmi_bcn_tmpl(ar, arvif->vdev_id, &offs, bcn, 0);
> - kfree_skb(bcn);
> -
> if (ret)
> ath11k_warn(ab, "failed to submit beacon template command: %d\n",
> ret);
>
> +free:
> + kfree_skb(bcn);
> return ret;
> }
>
Reviewed-by: Baochen Qiang <baochen.qiang@....qualcomm.com>
Powered by blists - more mailing lists