projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: caddcdf)
ieee802154: hwsim: Fix possible memory leaks
authorChen Aotian <chenaotian2@163.com>
Sun, 9 Apr 2023 02:20:48 +0000 (10:20 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 28 Jun 2023 09:12:27 +0000 (11:12 +0200)
[ Upstream commit a61675294735570daca3779bd1dbb3715f7232bd ]

After replacing e->info, it is necessary to free the old einfo.

Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb")
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: Chen Aotian <chenaotian2@163.com>
Link: https://lore.kernel.org/r/20230409022048.61223-1-chenaotian2@163.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/net/ieee802154/mac802154_hwsim.c patch | blob | history

diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c
index 2f0544d..9b3da61 100644 (file)
--- a/drivers/net/ieee802154/mac802154_hwsim.c
+++ b/drivers/net/ieee802154/mac802154_hwsim.c
@@ -522,7 +522,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info)
 static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
 {
        struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1];
 static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
 {
        struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1];
-       struct hwsim_edge_info *einfo;
+       struct hwsim_edge_info *einfo, *einfo_old;
        struct hwsim_phy *phy_v0;
        struct hwsim_edge *e;
        u32 v0, v1;
        struct hwsim_phy *phy_v0;
        struct hwsim_edge *e;
        u32 v0, v1;
@@ -560,8 +560,10 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
        list_for_each_entry_rcu(e, &phy_v0->edges, list) {
                if (e->endpoint->idx == v1) {
                        einfo->lqi = lqi;
        list_for_each_entry_rcu(e, &phy_v0->edges, list) {
                if (e->endpoint->idx == v1) {
                        einfo->lqi = lqi;
-                       rcu_assign_pointer(e->info, einfo);
+                       einfo_old = rcu_replace_pointer(e->info, einfo,
+                                                       lockdep_is_held(&hwsim_phys_lock));
                        rcu_read_unlock();
                        rcu_read_unlock();
+                       kfree_rcu(einfo_old, rcu);
                        mutex_unlock(&hwsim_phys_lock);
                        return 0;
                }
                        mutex_unlock(&hwsim_phys_lock);
                        return 0;
                }
Domain: System / Kernel;