cfg80211: avoid mem leak on driver hint set
author Arik Nemtsov <arik@wizery.com>
Thu, 4 Dec 2014 10:22:16 +0000 (12:22 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 27 Jan 2015 16:18:54 +0000 (08:18 -0800)
commit 34f05f543f02350e920bddb7660ffdd4697aaf60 upstream.

In the already-set and intersect case of a driver-hint, the previous
wiphy regdomain was not freed before being reset with a copy of the
cfg80211 regdomain.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Acked-by: Luis R. Rodriguez <mcgrof@suse.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/wireless/reg.c

index 856933635082072ad0eec1815473641317830746..04d530560ec84e498f4f6d873d035bbfbd08467d 100644 (file)
@@ -1547,7 +1547,7 @@ static enum reg_request_treatment
 reg_process_hint_driver(struct wiphy *wiphy,
                        struct regulatory_request *driver_request)
 {
-       const struct ieee80211_regdomain *regd;
+       const struct ieee80211_regdomain *regd, *tmp;
        enum reg_request_treatment treatment;
 
        treatment = __reg_process_hint_driver(driver_request);
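Review bot: the name `tmp` in the new declaration does not say what the pointer holds. It is only used to keep the wiphy's previous regdomain alive until it is freed, so a name that says so (for example old_regd) would let the later get_wiphy_regdom()/rcu_free_regdom() pair read correctly without having to look back at the declaration.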
@@ -1566,7 +1566,10 @@ reg_process_hint_driver(struct wiphy *wiphy,
                        kfree(driver_request);
                        return REG_REQ_IGNORE;
                }
+
+               tmp = get_wiphy_regdom(wiphy);
                rcu_assign_pointer(wiphy->regd, regd);
+               rcu_free_regdom(tmp);
        }
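Review bot: the pointer returned by get_wiphy_regdom(wiphy) goes straight into rcu_free_regdom(tmp) with no visible NULL check. Please confirm that rcu_free_regdom() tolerates NULL, or that wiphy->regd is always set on this path (the commit message limits it to the already-set and intersect case). A one-line comment saying that the old regdomain is released only after rcu_assign_pointer() has published the replacement would also document why the pointer is saved before the assignment rather than freed first.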