* [PATCH wireless-drivers] mt76: dma: fix a possible memory leak in mt76_add_fragment()
@ 2021-01-26 11:02 Lorenzo Bianconi
2021-01-27 6:00 ` Kalle Valo
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Lorenzo Bianconi @ 2021-01-26 11:02 UTC (permalink / raw)
To: linux-wireless; +Cc: nbd, lorenzo.bianconi
Fix a memory leak in mt76_add_fragment routine returning the buffer
to the page_frag_cache when we receive a new fragment and the
skb_shared_info frag array is full.
Fixes: b102f0c522cf6 ("mt76: fix array overflow on receiving too many fragments for a packet")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
---
drivers/net/wireless/mediatek/mt76/dma.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/dma.c b/drivers/net/wireless/mediatek/mt76/dma.c
index 73eeb00d5aa6..e81dfaf99bcb 100644
--- a/drivers/net/wireless/mediatek/mt76/dma.c
+++ b/drivers/net/wireless/mediatek/mt76/dma.c
@@ -509,15 +509,17 @@ static void
mt76_add_fragment(struct mt76_dev *dev, struct mt76_queue *q, void *data,
int len, bool more)
{
- struct page *page = virt_to_head_page(data);
- int offset = data - page_address(page);
struct sk_buff *skb = q->rx_head;
struct skb_shared_info *shinfo = skb_shinfo(skb);
if (shinfo->nr_frags < ARRAY_SIZE(shinfo->frags)) {
- offset += q->buf_offset;
+ struct page *page = virt_to_head_page(data);
+ int offset = data - page_address(page) + q->buf_offset;
+
skb_add_rx_frag(skb, shinfo->nr_frags, page, offset, len,
q->buf_size);
+ } else {
+ skb_free_frag(data);
}
if (more)
--
2.29.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH wireless-drivers] mt76: dma: fix a possible memory leak in mt76_add_fragment()
2021-01-26 11:02 [PATCH wireless-drivers] mt76: dma: fix a possible memory leak in mt76_add_fragment() Lorenzo Bianconi
@ 2021-01-27 6:00 ` Kalle Valo
2021-01-27 6:02 ` Felix Fietkau
2021-01-28 7:30 ` Kalle Valo
2 siblings, 0 replies; 4+ messages in thread
From: Kalle Valo @ 2021-01-27 6:00 UTC (permalink / raw)
To: Lorenzo Bianconi; +Cc: linux-wireless, nbd, lorenzo.bianconi
Lorenzo Bianconi <lorenzo@kernel.org> wrote:
> Fix a memory leak in mt76_add_fragment routine returning the buffer
> to the page_frag_cache when we receive a new fragment and the
> skb_shared_info frag array is full.
>
> Fixes: b102f0c522cf6 ("mt76: fix array overflow on receiving too many fragments for a packet")
> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
I assigned this to me on patchwork and queued for v5.11. Felix, can you ack?
--
https://patchwork.kernel.org/project/linux-wireless/patch/4f9dd73407da88b2a552517ce8db242d86bf4d5c.1611616130.git.lorenzo@kernel.org/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH wireless-drivers] mt76: dma: fix a possible memory leak in mt76_add_fragment()
2021-01-26 11:02 [PATCH wireless-drivers] mt76: dma: fix a possible memory leak in mt76_add_fragment() Lorenzo Bianconi
2021-01-27 6:00 ` Kalle Valo
@ 2021-01-27 6:02 ` Felix Fietkau
2021-01-28 7:30 ` Kalle Valo
2 siblings, 0 replies; 4+ messages in thread
From: Felix Fietkau @ 2021-01-27 6:02 UTC (permalink / raw)
To: Lorenzo Bianconi, linux-wireless; +Cc: lorenzo.bianconi
On 2021-01-26 12:02, Lorenzo Bianconi wrote:
> Fix a memory leak in mt76_add_fragment routine returning the buffer
> to the page_frag_cache when we receive a new fragment and the
> skb_shared_info frag array is full.
>
> Fixes: b102f0c522cf6 ("mt76: fix array overflow on receiving too many fragments for a packet")
> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Acked-by: Felix Fietkau <nbd@nbd.name>
Thanks,
- Felix
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH wireless-drivers] mt76: dma: fix a possible memory leak in mt76_add_fragment()
2021-01-26 11:02 [PATCH wireless-drivers] mt76: dma: fix a possible memory leak in mt76_add_fragment() Lorenzo Bianconi
2021-01-27 6:00 ` Kalle Valo
2021-01-27 6:02 ` Felix Fietkau
@ 2021-01-28 7:30 ` Kalle Valo
2 siblings, 0 replies; 4+ messages in thread
From: Kalle Valo @ 2021-01-28 7:30 UTC (permalink / raw)
To: Lorenzo Bianconi; +Cc: linux-wireless, nbd, lorenzo.bianconi
Lorenzo Bianconi <lorenzo@kernel.org> wrote:
> Fix a memory leak in mt76_add_fragment routine returning the buffer
> to the page_frag_cache when we receive a new fragment and the
> skb_shared_info frag array is full.
>
> Fixes: b102f0c522cf6 ("mt76: fix array overflow on receiving too many fragments for a packet")
> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
> Acked-by: Felix Fietkau <nbd@nbd.name>
Patch applied to wireless-drivers.git, thanks.
93a1d4791c10 mt76: dma: fix a possible memory leak in mt76_add_fragment()
--
https://patchwork.kernel.org/project/linux-wireless/patch/4f9dd73407da88b2a552517ce8db242d86bf4d5c.1611616130.git.lorenzo@kernel.org/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-28 7:34 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-26 11:02 [PATCH wireless-drivers] mt76: dma: fix a possible memory leak in mt76_add_fragment() Lorenzo Bianconi
2021-01-27 6:00 ` Kalle Valo
2021-01-27 6:02 ` Felix Fietkau
2021-01-28 7:30 ` Kalle Valo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).