Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/drivers/net/wireless
History
Manikanta Pubbisetty b0b681f307 wifi: ath10k: Fix memory leak in management tx 
commit e15d84b3bba187aa372dff7c58ce1fd5cb48a076 upstream.

In the current logic, memory is allocated for storing the MSDU context
during management packet TX but this memory is not being freed during
management TX completion. Similar leaks are seen in the management TX
cleanup logic.

Kmemleak reports this problem as below,

unreferenced object 0xffffff80b64ed250 (size 16):
  comm "kworker/u16:7", pid 148, jiffies 4294687130 (age 714.199s)
  hex dump (first 16 bytes):
    00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00  .+.......t......
  backtrace:
    [<ffffffe6e7b245dc>] __kmem_cache_alloc_node+0x1e4/0x2d8
    [<ffffffe6e7adde88>] kmalloc_trace+0x48/0x110
    [<ffffffe6bbd765fc>] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]
    [<ffffffe6bbd3eed4>] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]
    [<ffffffe6e78d5974>] process_scheduled_works+0x1ac/0x400
    [<ffffffe6e78d60b8>] worker_thread+0x208/0x328
    [<ffffffe6e78dc890>] kthread+0x100/0x1c0
    [<ffffffe6e78166c0>] ret_from_fork+0x10/0x20

Free the memory during completion and cleanup to fix the leak.

Protect the mgmt_pending_tx idr_remove() operation in
ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar->data_lock similar to
other instances.

Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1

Fixes: dc405152bb64 ("ath10k: handle mgmt tx completion event")
Fixes: c730c477176a ("ath10k: Remove msdu from idr when management pkt send fails")
Cc: stable@vger.kernel.org
Signed-off-by: Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
Link: https://patch.msgid.link/20241015064103.6060-1-quic_mpubbise@quicinc.com
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-23 23:22:05 +01:00
..
admtek
ath wifi: ath10k: Fix memory leak in management tx 2024-11-23 23:22:05 +01:00
atmel
broadcom wifi: brcm80211: BRCM_TRACING should depend on TRACING 2024-11-23 23:22:03 +01:00
cisco
cnss2
cnss_genl
cnss_prealloc
cnss_utils
intel wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 2024-11-23 23:22:03 +01:00
intersil
marvell wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() 2024-11-23 23:21:39 +01:00
mediatek wifi: mt76: mt7915: fix rx filter setting for bfee functionality 2024-11-23 23:21:18 +01:00
microchip wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param 2024-11-23 23:21:18 +01:00
qualcomm/qca6490
quantenna wireless: Remove redundant 'flush_workqueue()' calls 2024-11-19 08:44:44 +01:00
ralink wifi: rt2x00: restart beacon queue when hardware reset 2024-11-18 12:13:11 +01:00
realtek wifi: rtw88: select WANT_DEV_COREDUMP 2024-11-23 23:21:38 +01:00
rsi
scsc
st wifi: cw1200: Avoid processing an invalid TIM IE 2024-11-23 23:20:44 +01:00
ti
zydas
Kconfig
mac80211_hwsim.c
mac80211_hwsim.h
Makefile
ray_cs.c
ray_cs.h
rayctl.h
rndis_wlan.c wireless: Remove redundant 'flush_workqueue()' calls 2024-11-19 08:44:44 +01:00
virt_wifi.c wifi: virt_wifi: don't use strlen() in const context 2024-11-23 23:20:08 +01:00
wl3501.h
wl3501_cs.c