[PATCH] mac80211: fix memory leak

[PATCH] mac80211: fix memory leak

[Johannes Berg]

From: Johannes Berg <johannes.berg@intel.com>

My recent change here introduced a possible memory leak if the
driver registers an invalid cipher schemes. This won't really
happen in practice, but fix the leak nonetheless.

Fixes: e3a55b5399d55 ("mac80211: validate cipher scheme PN length better")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/mac80211/main.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 3c956c5f99b2..99d27babd9f0 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -770,8 +770,10 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
 
 		for (r = 0; r < local->hw.n_cipher_schemes; r++) {
 			suites[w++] = cs[r].cipher;
-			if (WARN_ON(cs[r].pn_len > IEEE80211_MAX_PN_LEN))
+			if (WARN_ON(cs[r].pn_len > IEEE80211_MAX_PN_LEN)) {
+				kfree(suites);
 				return -EINVAL;
+			}
 		}
 	}
 
-- 
2.1.4

Re: [PATCH] mac80211: fix memory leak

[Sergei Shtylyov]

Hello.

On 2/1/2016 12:28 PM, Kalle Valo wrote:

>> On Mon, Feb 01, 2016 at 11:03:35AM +1100, Julian Calaby wrote:
>>> Hi Sudip,
>>>
>>> On Fri, Jan 29, 2016 at 8:49 PM, Sudip Mukherjee
>>> <sudipm.mukherjee@gmail.com> wrote:
>>>> On error we jumped to the error label and returned the error code but we
>>>> missed releasing sinfo.
>>>>
>>>> Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
>>>
>>> Should the From: and Signed-off-by: email addresses be the same?
>>
>> I think 2 years back I had a long discussion with Greg about this and
>> since then I al submitting patches like this. A small summayg of the
>> problem from that discussion:
>>
>> "we have strict DMARC check for the corporate mail server. DMARC =
>> domain based message authentication.
>> So the mail i sent reached all the list subscriber from a different
>> server than our designated server, and as a result it is marked as spam
>> in many places and I have already received a few complaints regarding
>> that."
>
> You can add a separate "From:" line to the beginning of the commit log
> and git will use it then commiting the patch. I didn't find any
> documention but it's easy to do and should solve this.

    Documentation/SubmittingPatches, clause 14.

MBR, Sergei

Re: [PATCH] mac80211: fix memory leak

[Julian Calaby]

Hi Sudip,

On Mon, Feb 1, 2016 at 8:33 PM, Sudip Mukherjee
<sudipm.mukherjee@gmail.com> wrote:
> On Mon, Feb 01, 2016 at 11:28:37AM +0200, Kalle Valo wrote:
>> Sudip Mukherjee <sudipm.mukherjee@gmail.com> writes:
>>
>> > On Mon, Feb 01, 2016 at 11:03:35AM +1100, Julian Calaby wrote:
>> >> Hi Sudip,
>> >>
>> >> On Fri, Jan 29, 2016 at 8:49 PM, Sudip Mukherjee
>> >> <sudipm.mukherjee@gmail.com> wrote:
>> >> > On error we jumped to the error label and returned the error code but we
>> >> > missed releasing sinfo.
>> >> >
>> >> > Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
>> >>
>> >> Should the From: and Signed-off-by: email addresses be the same?
>> >
>> > I think 2 years back I had a long discussion with Greg about this and
>> > since then I al submitting patches like this. A small summayg of the
>> > problem from that discussion:
>> >
>> > "we have strict DMARC check for the corporate mail server. DMARC =
>> > domain based message authentication.
>> > So the mail i sent reached all the list subscriber from a different
>> > server than our designated server, and as a result it is marked as spam
>> > in many places and I have already received a few complaints regarding
>> > that."
>>
>> You can add a separate "From:" line to the beginning of the commit log
>> and git will use it then commiting the patch. I didn't find any
>> documention but it's easy to do and should solve this.
>
> Documentation is not needed. :)
> I have done that couple of time.
> I will resend this patch with the extra From: line.

Don't forget to include the Fixes: tag.

Thanks,

-- 
Julian Calaby

Email: julian.calaby@gmail.com
Profile: http://www.google.com/profiles/julian.calaby/

Re: [PATCH] mac80211: fix memory leak

[Sudip Mukherjee]

On Mon, Feb 01, 2016 at 11:28:37AM +0200, Kalle Valo wrote:
> Sudip Mukherjee <sudipm.mukherjee@gmail.com> writes:
> 
> > On Mon, Feb 01, 2016 at 11:03:35AM +1100, Julian Calaby wrote:
> >> Hi Sudip,
> >> 
> >> On Fri, Jan 29, 2016 at 8:49 PM, Sudip Mukherjee
> >> <sudipm.mukherjee@gmail.com> wrote:
> >> > On error we jumped to the error label and returned the error code but we
> >> > missed releasing sinfo.
> >> >
> >> > Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
> >> 
> >> Should the From: and Signed-off-by: email addresses be the same?
> >
> > I think 2 years back I had a long discussion with Greg about this and
> > since then I al submitting patches like this. A small summayg of the
> > problem from that discussion:
> >
> > "we have strict DMARC check for the corporate mail server. DMARC =
> > domain based message authentication.
> > So the mail i sent reached all the list subscriber from a different
> > server than our designated server, and as a result it is marked as spam
> > in many places and I have already received a few complaints regarding
> > that."
> 
> You can add a separate "From:" line to the beginning of the commit log
> and git will use it then commiting the patch. I didn't find any
> documention but it's easy to do and should solve this.

Documentation is not needed. :)
I have done that couple of time.
I will resend this patch with the extra From: line.

regards
sudip

Re: [PATCH] mac80211: fix memory leak

[Kalle Valo]

Sudip Mukherjee <sudipm.mukherjee@gmail.com> writes:

> On Mon, Feb 01, 2016 at 11:03:35AM +1100, Julian Calaby wrote:
>> Hi Sudip,
>> 
>> On Fri, Jan 29, 2016 at 8:49 PM, Sudip Mukherjee
>> <sudipm.mukherjee@gmail.com> wrote:
>> > On error we jumped to the error label and returned the error code but we
>> > missed releasing sinfo.
>> >
>> > Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
>> 
>> Should the From: and Signed-off-by: email addresses be the same?
>
> I think 2 years back I had a long discussion with Greg about this and
> since then I al submitting patches like this. A small summayg of the
> problem from that discussion:
>
> "we have strict DMARC check for the corporate mail server. DMARC =
> domain based message authentication.
> So the mail i sent reached all the list subscriber from a different
> server than our designated server, and as a result it is marked as spam
> in many places and I have already received a few complaints regarding
> that."

You can add a separate "From:" line to the beginning of the commit log
and git will use it then commiting the patch. I didn't find any
documention but it's easy to do and should solve this.

-- 
Kalle Valo

Re: [PATCH] mac80211: fix memory leak

[Julian Calaby]

Hi Sudip,

On Mon, Feb 1, 2016 at 3:25 PM, Sudip Mukherjee
<sudipm.mukherjee@gmail.com> wrote:
> On Mon, Feb 01, 2016 at 11:03:35AM +1100, Julian Calaby wrote:
>> Hi Sudip,
>>
>> On Fri, Jan 29, 2016 at 8:49 PM, Sudip Mukherjee
>> <sudipm.mukherjee@gmail.com> wrote:
>> > On error we jumped to the error label and returned the error code but we
>> > missed releasing sinfo.
>> >
>> > Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
>>
>> Should the From: and Signed-off-by: email addresses be the same?
>
> I think 2 years back I had a long discussion with Greg about this and
> since then I al submitting patches like this. A small summayg of the
> problem from that discussion:
>
> "we have strict DMARC check for the corporate mail server. DMARC =
> domain based message authentication.
> So the mail i sent reached all the list subscriber from a different
> server than our designated server, and as a result it is marked as spam
> in many places and I have already received a few complaints regarding
> that."

Ok, fair enough then.

Thanks,

-- 
Julian Calaby

Email: julian.calaby@gmail.com
Profile: http://www.google.com/profiles/julian.calaby/

Re: [PATCH] mac80211: fix memory leak

[Sudip Mukherjee]

On Mon, Feb 01, 2016 at 11:03:35AM +1100, Julian Calaby wrote:
> Hi Sudip,
> 
> On Fri, Jan 29, 2016 at 8:49 PM, Sudip Mukherjee
> <sudipm.mukherjee@gmail.com> wrote:
> > On error we jumped to the error label and returned the error code but we
> > missed releasing sinfo.
> >
> > Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
> 
> Should the From: and Signed-off-by: email addresses be the same?

I think 2 years back I had a long discussion with Greg about this and
since then I al submitting patches like this. A small summayg of the
problem from that discussion:

"we have strict DMARC check for the corporate mail server. DMARC =
domain based message authentication.
So the mail i sent reached all the list subscriber from a different
server than our designated server, and as a result it is marked as spam
in many places and I have already received a few complaints regarding
that."

> 
> > ---
> >  net/mac80211/sta_info.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
> > index 6c198e6..36e75c4 100644
> > --- a/net/mac80211/sta_info.c
> > +++ b/net/mac80211/sta_info.c
> > @@ -561,6 +561,7 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
> >         __cleanup_single_sta(sta);
> >   out_err:
> >         mutex_unlock(&local->sta_mtx);
> > +       kfree(sinfo);
> >         rcu_read_lock();
> >         return err;
> >  }
> 
> Looks sane to me. I must note that the bug this is fixing is only in
> the mac80211-next tree.
> 
> Fixes: 5fe74014172d ("mac80211: avoid excessive stack usage in sta_info")
> Reviewed-by: Julian Calaby <julian.calaby@gmail.com>

thanks

regards
sudip

Re: [PATCH] mac80211: fix memory leak

[Julian Calaby]

Hi Sudip,

On Fri, Jan 29, 2016 at 8:49 PM, Sudip Mukherjee
<sudipm.mukherjee@gmail.com> wrote:
> On error we jumped to the error label and returned the error code but we
> missed releasing sinfo.
>
> Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>

Should the From: and Signed-off-by: email addresses be the same?

> ---
>  net/mac80211/sta_info.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
> index 6c198e6..36e75c4 100644
> --- a/net/mac80211/sta_info.c
> +++ b/net/mac80211/sta_info.c
> @@ -561,6 +561,7 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
>         __cleanup_single_sta(sta);
>   out_err:
>         mutex_unlock(&local->sta_mtx);
> +       kfree(sinfo);
>         rcu_read_lock();
>         return err;
>  }

Looks sane to me. I must note that the bug this is fixing is only in
the mac80211-next tree.

Fixes: 5fe74014172d ("mac80211: avoid excessive stack usage in sta_info")
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>

Thanks,

-- 
Julian Calaby

Email: julian.calaby@gmail.com
Profile: http://www.google.com/profiles/julian.calaby/

[PATCH] mac80211: fix memory leak

[Sudip Mukherjee]

On error we jumped to the error label and returned the error code but we
missed releasing sinfo.

Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
---
 net/mac80211/sta_info.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 6c198e6..36e75c4 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -561,6 +561,7 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
 	__cleanup_single_sta(sta);
  out_err:
 	mutex_unlock(&local->sta_mtx);
+	kfree(sinfo);
 	rcu_read_lock();
 	return err;
 }
-- 
1.9.1

Re: [PATCH] mac80211: fix memory leak

[Johannes Berg]

On Thu, 2014-02-06 at 21:01 +0200, Emmanuel Grumbach wrote:
> From: Eytan Lifshitz <eytan.lifshitz@intel.com>
> 
> In case ieee80211_prep_connection() fails to dereference
> sdata->vif.chanctx_conf, the function returns and doesn't
> free new_sta. fixed.

Applied.

johannes

[PATCH] mac80211: fix memory leak

[Emmanuel Grumbach]

From: Eytan Lifshitz <eytan.lifshitz@intel.com>

In case ieee80211_prep_connection() fails to dereference
sdata->vif.chanctx_conf, the function returns and doesn't
free new_sta. fixed.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
---
 net/mac80211/mlme.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index b640cd6..da4b09e 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3792,6 +3792,7 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
 		chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
 		if (WARN_ON(!chanctx_conf)) {
 			rcu_read_unlock();
+			sta_info_free(local, new_sta);
 			return -EINVAL;
 		}
 		rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
-- 
1.7.9.5