source: branches/chaos_calmer/package/kernel/mac80211/patches/351-0041-brcmfmac-fix-memory-leak-in-brcmf_flowring_add_tdls_.patch @ 49407

Last change on this file since 49407 was 49407, checked in by rmilecki, 12 months ago

mac80211: brcmfmac: backport changes from 2016-09-27

This fixes memory leaks, some possible crashes and bug that could cause
WARNING on every add_key/del_key call. It also replaces WARNING with
a simple message. They may still occur e.g. on station going out of
range and A-MPDU stall in the firmware.

Signed-off-by: Rafał Miłecki <rafal@…>

File size: 1.2 KB
  • drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c

    From bc981641360183990de59da17f9f560f9150b801 Mon Sep 17 00:00:00 2001
    From: Arend Van Spriel <arend.vanspriel@broadcom.com>
    Date: Mon, 19 Sep 2016 12:09:53 +0100
    Subject: [PATCH] brcmfmac: fix memory leak in brcmf_flowring_add_tdls_peer()
    
    In the error paths in brcmf_flowring_add_tdls_peer() the allocated
    resource should be freed.
    
    Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
    Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
    Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    ---
     drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c | 8 ++++++--
     1 file changed, 6 insertions(+), 2 deletions(-)
    
    a b void brcmf_flowring_add_tdls_peer(struct 
    495495        } else { 
    496496                search = flow->tdls_entry; 
    497497                if (memcmp(search->mac, peer, ETH_ALEN) == 0) 
    498                         return; 
     498                        goto free_entry; 
    499499                while (search->next) { 
    500500                        search = search->next; 
    501501                        if (memcmp(search->mac, peer, ETH_ALEN) == 0) 
    502                                 return; 
     502                                goto free_entry; 
    503503                } 
    504504                search->next = tdls_entry; 
    505505        } 
    506506 
    507507        flow->tdls_active = true; 
     508        return; 
     509 
     510free_entry: 
     511        kfree(tdls_entry); 
    508512} 
Note: See TracBrowser for help on using the repository browser.