| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Nov 2019 01:18:15 +0000
From: Pkshih <pkshih@...ltek.com>
To: Stefan Wahren <wahrenst@....net>,
Larry Finger <Larry.Finger@...inger.net>
CC: "colin.king@...onical.com" <colin.king@...onical.com>,
"kvalo@...eaurora.org" <kvalo@...eaurora.org>,
"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: rtlwifi: Memory leak in rtl92c_set_fw_rsvdpagepkt()
> -----Original Message-----
> From: Stefan Wahren [mailto:wahrenst@....net]
> Sent: Thursday, October 31, 2019 9:57 PM
> To: Pkshih; Larry Finger
> Cc: colin.king@...onical.com; kvalo@...eaurora.org; linux-wireless@...r.kernel.org;
> netdev@...r.kernel.org
> Subject: rtlwifi: Memory leak in rtl92c_set_fw_rsvdpagepkt()
>
> Hi,
>
> i tested the EDIMAX EW-7612 on Raspberry Pi 3B+ with Linux 5.4-rc5
> (multi_v7_defconfig + rtlwifi + kmemleak) and noticed a single memory
> leak during probe:
>
> unreferenced object 0xec13ee40 (size 176):
> comm "kworker/u8:1", pid 36, jiffies 4294939321 (age 5580.790s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<fc1bbb3e>] __netdev_alloc_skb+0x9c/0x164
> [<863dfa6e>] rtl92c_set_fw_rsvdpagepkt+0x254/0x340 [rtl8192c_common]
> [<9572be0d>] rtl92cu_set_hw_reg+0xf48/0xfa4 [rtl8192cu]
> [<116df4d8>] rtl_op_bss_info_changed+0x234/0x96c [rtlwifi]
> [<8933575f>] ieee80211_bss_info_change_notify+0xb8/0x264 [mac80211]
> [<d4061e86>] ieee80211_assoc_success+0x934/0x1798 [mac80211]
> [<e55adb56>] ieee80211_rx_mgmt_assoc_resp+0x174/0x314 [mac80211]
> [<5974629e>] ieee80211_sta_rx_queued_mgmt+0x3f4/0x7f0 [mac80211]
> [<d91091c6>] ieee80211_iface_work+0x208/0x318 [mac80211]
> [<ac5fcae4>] process_one_work+0x22c/0x564
> [<f5e6d3b6>] worker_thread+0x44/0x5d8
> [<82c7b073>] kthread+0x150/0x154
> [<b43e1b7d>] ret_from_fork+0x14/0x2c
> [<794dff30>] 0x0
>
> It looks like the allocated skd is never freed.
>
> Would be nice to get this fixed.
>
Hi,
This is due to 8192cu doesn't implement usb_cmd_send_packet(). Could you help
following patch?
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c
index 56cc3bc30860..f070f25bb735 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c
@@ -1540,6 +1540,8 @@ static bool usb_cmd_send_packet(struct ieee80211_hw *hw, struct sk_buff *skb)
* This is maybe necessary:
* rtlpriv->cfg->ops->fill_tx_cmddesc(hw, buffer, 1, 1, skb);
*/
+ dev_kfree_skb(skb);
+
return true;
}
This patch just frees the skb to resolve memleak problem. Since 8192cu doesn't
turn on fwctrl_lps that needs to download command packet to firmware, apply
this patch isn't worse than before.
---
PK
Powered by blists - more mailing lists