From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Larry Finger <Larry.Finger@lwfinger.net>,
Sascha Hauer <s.hauer@pengutronix.de>,
Ping-Ke Shih <pkshih@realtek.com>, Kalle Valo <kvalo@kernel.org>,
Sasha Levin <sashal@kernel.org>,
tony0620emma@gmail.com, davem@davemloft.net, edumazet@google.com,
kuba@kernel.org, pabeni@redhat.com,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 6.3 47/59] wifi: rtw88: Fix memory leak in rtw88_usb
Date: Thu, 4 May 2023 15:41:30 -0400 [thread overview]
Message-ID: <20230504194142.3805425-47-sashal@kernel.org> (raw)
In-Reply-To: <20230504194142.3805425-1-sashal@kernel.org>
From: Larry Finger <Larry.Finger@lwfinger.net>
[ Upstream commit 59a3a312009723e3e5082899655fdcc420e2b47a ]
Kmemleak shows the following leak arising from routine in the usb
probe routine:
unreferenced object 0xffff895cb29bba00 (size 512):
comm "(udev-worker)", pid 534, jiffies 4294903932 (age 102751.088s)
hex dump (first 32 bytes):
77 30 30 30 00 00 00 00 02 2f 2d 2b 30 00 00 00 w000...../-+0...
02 00 2a 28 00 00 00 00 ff 55 ff ff ff 00 00 00 ..*(.....U......
backtrace:
[<ffffffff9265fa36>] kmalloc_trace+0x26/0x90
[<ffffffffc17eec41>] rtw_usb_probe+0x2f1/0x680 [rtw_usb]
[<ffffffffc03e19fd>] usb_probe_interface+0xdd/0x2e0 [usbcore]
[<ffffffff92b4f2fe>] really_probe+0x18e/0x3d0
[<ffffffff92b4f5b8>] __driver_probe_device+0x78/0x160
[<ffffffff92b4f6bf>] driver_probe_device+0x1f/0x90
[<ffffffff92b4f8df>] __driver_attach+0xbf/0x1b0
[<ffffffff92b4d350>] bus_for_each_dev+0x70/0xc0
[<ffffffff92b4e51e>] bus_add_driver+0x10e/0x210
[<ffffffff92b50935>] driver_register+0x55/0xf0
[<ffffffffc03e0708>] usb_register_driver+0x88/0x140 [usbcore]
[<ffffffff92401153>] do_one_initcall+0x43/0x210
[<ffffffff9254f42a>] do_init_module+0x4a/0x200
[<ffffffff92551d1c>] __do_sys_finit_module+0xac/0x120
[<ffffffff92ee6626>] do_syscall_64+0x56/0x80
[<ffffffff9300006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
The leak was verified to be real by unloading the driver, which resulted
in a dangling pointer to the allocation.
The allocated memory is freed in rtw_usb_intf_deinit().
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Cc: Ping-Ke Shih <pkshih@realtek.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230417160331.23071-1-Larry.Finger@lwfinger.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw88/usb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/realtek/rtw88/usb.c b/drivers/net/wireless/realtek/rtw88/usb.c
index 68e1b782d1992..05c7326443614 100644
--- a/drivers/net/wireless/realtek/rtw88/usb.c
+++ b/drivers/net/wireless/realtek/rtw88/usb.c
@@ -780,6 +780,7 @@ static void rtw_usb_intf_deinit(struct rtw_dev *rtwdev,
struct rtw_usb *rtwusb = rtw_get_usb_priv(rtwdev);
usb_put_dev(rtwusb->udev);
+ kfree(rtwusb->usb_data);
usb_set_intfdata(intf, NULL);
}
--
2.39.2
next prev parent reply other threads:[~2023-05-04 19:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-04 19:40 [PATCH AUTOSEL 6.3 01/59] wifi: ath: Silence memcpy run-time false positive warning Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 02/59] wifi: ath12k: Handle lock during peer_id find Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 03/59] wifi: ath12k: PCI ops for wakeup/release MHI Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 05/59] wifi: brcmfmac: pcie: Provide a buffer of random bytes to the device Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 06/59] wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 07/59] wifi: brcmfmac: pcie: Add IDs/properties for BCM4387 Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 12/59] wifi: rtw88: fix memory leak in rtw_usb_probe() Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 13/59] wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 14/59] bnxt: avoid overflow in bnxt_get_nvram_directory() Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 15/59] net: pasemi: Fix return type of pasemi_mac_start_tx() Sasha Levin
2023-05-04 19:40 ` [PATCH AUTOSEL 6.3 16/59] wifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work() Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 17/59] net: Catch invalid index in XPS mapping Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 18/59] netdev: Enforce index cap in netdev_get_tx_queue Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 34/59] net/sched: pass netlink extack to mqprio and taprio offload Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 35/59] wifi: iwlwifi: pcie: fix possible NULL pointer dereference Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 36/59] wifi: iwlwifi: add a new PCI device ID for BZ device Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 37/59] wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 38/59] wifi: iwlwifi: mvm: fix ptk_pn memory leak Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 40/59] wifi: ath11k: Ignore frags from uninitialized peer in dp Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 41/59] wifi: mt76: mt7921: add Netgear AXE3000 (A8000) support Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 42/59] wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 45/59] wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 46/59] wifi: ath11k: Fix SKB corruption in REO destination ring Sasha Levin
2023-05-04 19:41 ` Sasha Levin [this message]
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 49/59] ipvs: Update width of source for ip_vs_sync_conn_options Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 51/59] Bluetooth: Add new quirk for broken local ext features page 2 Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 57/59] Bluetooth: Add new quirk for broken set random RPA timeout for ATS2851 Sasha Levin
2023-05-04 19:41 ` [PATCH AUTOSEL 6.3 58/59] Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230504194142.3805425-47-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=Larry.Finger@lwfinger.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=kvalo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pkshih@realtek.com \
--cc=s.hauer@pengutronix.de \
--cc=stable@vger.kernel.org \
--cc=tony0620emma@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).