[PATCH 3.12 080/176] cfg80211: avoid mem leak on driver hint set
From: Jiri Slaby
Date: Thu Jan 29 2015 - 04:05:11 EST
From: Arik Nemtsov <arik@xxxxxxxxxx>
3.12-stable review patch. If anyone has any objections, please let me know.
===============
commit 34f05f543f02350e920bddb7660ffdd4697aaf60 upstream.
In the already-set and intersect case of a driver-hint, the previous
wiphy regdomain was not freed before being reset with a copy of the
cfg80211 regdomain.
[js: backport to 3.12]
Signed-off-by: Arik Nemtsov <arikx.nemtsov@xxxxxxxxx>
Acked-by: Luis R. Rodriguez <mcgrof@xxxxxxxx>
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
---
net/wireless/reg.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index de06d5d1287f..8eedb1507ccc 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1432,7 +1432,7 @@ static enum reg_request_treatment
__regulatory_hint(struct wiphy *wiphy,
struct regulatory_request *pending_request)
{
- const struct ieee80211_regdomain *regd;
+ const struct ieee80211_regdomain *regd, *tmp;
bool intersect = false;
enum reg_request_treatment treatment;
struct regulatory_request *lr;
@@ -1448,7 +1448,9 @@ __regulatory_hint(struct wiphy *wiphy,
kfree(pending_request);
return PTR_ERR(regd);
}
+ tmp = get_wiphy_regdom(wiphy);
rcu_assign_pointer(wiphy->regd, regd);
+ rcu_free_regdom(tmp);
}
intersect = true;
break;
@@ -1468,7 +1470,9 @@ __regulatory_hint(struct wiphy *wiphy,
return REG_REQ_IGNORE;
}
treatment = REG_REQ_ALREADY_SET;
+ tmp = get_wiphy_regdom(wiphy);
rcu_assign_pointer(wiphy->regd, regd);
+ rcu_free_regdom(tmp);
goto new_request;
}
kfree(pending_request);
--
2.2.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/