* [PATCH v4] staging: r8188eu: fix potential memory leak in _rtw_init_xmit_priv()
@ 2022-09-13 13:24 xkernel.wang
2022-09-13 18:59 ` Philipp Hortmann
0 siblings, 1 reply; 2+ messages in thread
From: xkernel.wang @ 2022-09-13 13:24 UTC (permalink / raw)
To: Larry.Finger, phil, gregkh, philipp.g.hortmann
Cc: linux-staging, linux-kernel, Xiaoke Wang
From: Xiaoke Wang <xkernel.wang@foxmail.com>
In _rtw_init_xmit_priv(), there are several error paths for allocation
failures just jump to the `exit` section. However, there is no action
will be performed, so the allocated resources are not properly released,
which leads to various memory leaks.
To properly release them, this patch unifies the error handling code and
several error handling paths are added.
According to the allocation sequence, if the validation fails, it will
jump to its corresponding error tag to release the resources.
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
---
ChangeLog:
v1->v2 update the description and adjust the sequence of patches.
v2->v3 None to this patch, but some to another patch in this series.
v3->v4 rebase the original series and merge them due to the missing check
for kzalloc() in rtw_alloc_hwxmits() had been added.
drivers/staging/r8188eu/core/rtw_xmit.c | 30 ++++++++++++++++++++-----
1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c
index 9c39d08..9e70c79 100644
--- a/drivers/staging/r8188eu/core/rtw_xmit.c
+++ b/drivers/staging/r8188eu/core/rtw_xmit.c
@@ -134,7 +134,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
if (!pxmitpriv->pallocated_xmitbuf) {
res = _FAIL;
- goto exit;
+ goto free_frame_buf;
}
pxmitpriv->pxmitbuf = (u8 *)ALIGN((size_t)(pxmitpriv->pallocated_xmitbuf), 4);
@@ -156,7 +156,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
msleep(10);
res = rtw_xmit_resource_alloc(padapter, pxmitbuf, (MAX_XMITBUF_SZ + XMITBUF_ALIGN_SZ));
if (res == _FAIL)
- goto exit;
+ goto free_xmitbuf;
}
pxmitbuf->flags = XMIT_VO_QUEUE;
@@ -174,7 +174,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
if (!pxmitpriv->pallocated_xmit_extbuf) {
res = _FAIL;
- goto exit;
+ goto free_xmitbuf;
}
pxmitpriv->pxmit_extbuf = (u8 *)ALIGN((size_t)(pxmitpriv->pallocated_xmit_extbuf), 4);
@@ -191,7 +191,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
res = rtw_xmit_resource_alloc(padapter, pxmitbuf, max_xmit_extbuf_size + XMITBUF_ALIGN_SZ);
if (res == _FAIL) {
res = _FAIL;
- goto exit;
+ goto free_xmit_extbuf;
}
list_add_tail(&pxmitbuf->list, &pxmitpriv->free_xmit_extbuf_queue.queue);
@@ -202,7 +202,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
if (rtw_alloc_hwxmits(padapter)) {
res = _FAIL;
- goto exit;
+ goto free_xmit_extbuf;
}
rtw_init_hwxmits(pxmitpriv->hwxmits, pxmitpriv->hwxmit_entry);
@@ -226,8 +226,26 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
rtl8188eu_init_xmit_priv(padapter);
-exit:
+ return _SUCCESS;
+free_xmit_extbuf:
+ pxmitbuf = (struct xmit_buf *)pxmitpriv->pxmit_extbuf;
+ while (i--) {
+ rtw_xmit_resource_free(padapter, pxmitbuf, (max_xmit_extbuf_size + XMITBUF_ALIGN_SZ));
+ pxmitbuf++;
+ }
+ vfree(pxmitpriv->pallocated_xmit_extbuf);
+ i = NR_XMITBUFF;
+free_xmitbuf:
+ pxmitbuf = (struct xmit_buf *)pxmitpriv->pxmitbuf;
+ while (i--) {
+ rtw_xmit_resource_free(padapter, pxmitbuf, (MAX_XMITBUF_SZ + XMITBUF_ALIGN_SZ));
+ pxmitbuf++;
+ }
+ vfree(pxmitpriv->pallocated_xmitbuf);
+free_frame_buf:
+ vfree(pxmitpriv->pallocated_frame_buf);
+exit:
return res;
}
--
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v4] staging: r8188eu: fix potential memory leak in _rtw_init_xmit_priv()
2022-09-13 13:24 [PATCH v4] staging: r8188eu: fix potential memory leak in _rtw_init_xmit_priv() xkernel.wang
@ 2022-09-13 18:59 ` Philipp Hortmann
0 siblings, 0 replies; 2+ messages in thread
From: Philipp Hortmann @ 2022-09-13 18:59 UTC (permalink / raw)
To: xkernel.wang, Larry.Finger, phil, gregkh; +Cc: linux-staging, linux-kernel
On 9/13/22 15:24, xkernel.wang@foxmail.com wrote:
> From: Xiaoke Wang <xkernel.wang@foxmail.com>
>
> In _rtw_init_xmit_priv(), there are several error paths for allocation
> failures just jump to the `exit` section. However, there is no action
> will be performed, so the allocated resources are not properly released,
> which leads to various memory leaks.
>
> To properly release them, this patch unifies the error handling code and
> several error handling paths are added.
> According to the allocation sequence, if the validation fails, it will
> jump to its corresponding error tag to release the resources.
>
> Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
> ---
> ChangeLog:
> v1->v2 update the description and adjust the sequence of patches.
> v2->v3 None to this patch, but some to another patch in this series.
> v3->v4 rebase the original series and merge them due to the missing check
> for kzalloc() in rtw_alloc_hwxmits() had been added.
> drivers/staging/r8188eu/core/rtw_xmit.c | 30 ++++++++++++++++++++-----
> 1 file changed, 24 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c
> index 9c39d08..9e70c79 100644
> --- a/drivers/staging/r8188eu/core/rtw_xmit.c
> +++ b/drivers/staging/r8188eu/core/rtw_xmit.c
> @@ -134,7 +134,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
>
> if (!pxmitpriv->pallocated_xmitbuf) {
> res = _FAIL;
> - goto exit;
> + goto free_frame_buf;
> }
>
> pxmitpriv->pxmitbuf = (u8 *)ALIGN((size_t)(pxmitpriv->pallocated_xmitbuf), 4);
> @@ -156,7 +156,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
> msleep(10);
> res = rtw_xmit_resource_alloc(padapter, pxmitbuf, (MAX_XMITBUF_SZ + XMITBUF_ALIGN_SZ));
> if (res == _FAIL)
> - goto exit;
> + goto free_xmitbuf;
> }
>
> pxmitbuf->flags = XMIT_VO_QUEUE;
> @@ -174,7 +174,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
>
> if (!pxmitpriv->pallocated_xmit_extbuf) {
> res = _FAIL;
> - goto exit;
> + goto free_xmitbuf;
> }
>
> pxmitpriv->pxmit_extbuf = (u8 *)ALIGN((size_t)(pxmitpriv->pallocated_xmit_extbuf), 4);
> @@ -191,7 +191,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
> res = rtw_xmit_resource_alloc(padapter, pxmitbuf, max_xmit_extbuf_size + XMITBUF_ALIGN_SZ);
> if (res == _FAIL) {
> res = _FAIL;
> - goto exit;
> + goto free_xmit_extbuf;
> }
>
> list_add_tail(&pxmitbuf->list, &pxmitpriv->free_xmit_extbuf_queue.queue);
> @@ -202,7 +202,7 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
>
> if (rtw_alloc_hwxmits(padapter)) {
> res = _FAIL;
> - goto exit;
> + goto free_xmit_extbuf;
> }
>
> rtw_init_hwxmits(pxmitpriv->hwxmits, pxmitpriv->hwxmit_entry);
> @@ -226,8 +226,26 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
>
> rtl8188eu_init_xmit_priv(padapter);
>
> -exit:
> + return _SUCCESS;
>
> +free_xmit_extbuf:
> + pxmitbuf = (struct xmit_buf *)pxmitpriv->pxmit_extbuf;
> + while (i--) {
> + rtw_xmit_resource_free(padapter, pxmitbuf, (max_xmit_extbuf_size + XMITBUF_ALIGN_SZ));
> + pxmitbuf++;
> + }
> + vfree(pxmitpriv->pallocated_xmit_extbuf);
> + i = NR_XMITBUFF;
> +free_xmitbuf:
> + pxmitbuf = (struct xmit_buf *)pxmitpriv->pxmitbuf;
> + while (i--) {
> + rtw_xmit_resource_free(padapter, pxmitbuf, (MAX_XMITBUF_SZ + XMITBUF_ALIGN_SZ));
> + pxmitbuf++;
> + }
> + vfree(pxmitpriv->pallocated_xmitbuf);
> +free_frame_buf:
> + vfree(pxmitpriv->pallocated_frame_buf);
> +exit:
> return res;
> }
>
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com> # Edimax N150
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-09-13 18:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-13 13:24 [PATCH v4] staging: r8188eu: fix potential memory leak in _rtw_init_xmit_priv() xkernel.wang
2022-09-13 18:59 ` Philipp Hortmann
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.