Re: [PATCH] wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails

From: Toke Høiland-Jørgensen
Date: Mon Jan 02 2023 - 05:53:00 EST

Next message: Akhil P Oommen: "Re: [Freedreno] [PATCH v2] drm/msm/adreno: Make adreno quirks not overwrite each other"
Previous message: Sven Schnelle: "[PATCH v2 1/5] nolibc: fix fd_set type"
Next in thread: Fedor Pchelkin: "Re: [PATCH] wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fedor Pchelkin <pchelkin@xxxxxxxxx> writes:

> Syzkaller detected a memory leak of skbs in ath9k_hif_usb_rx_stream().
> While processing skbs in ath9k_hif_usb_rx_stream(), the already allocated
> skbs in skb_pool are not freed if ath9k_hif_usb_rx_stream() fails. If we
> have an incorrect pkt_len or pkt_tag, the skb is dropped and all the
> associated skb_pool buffers should be cleaned, too.
>
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
>
> Fixes: 6ce708f54cc8 ("ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream")
> Fixes: 44b23b488d44 ("ath9k: hif_usb: Reduce indent 1 column")
> Signed-off-by: Fedor Pchelkin <pchelkin@xxxxxxxxx>
> Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>

Is this the same issue reported in
https://lore.kernel.org/r/000000000000f3e5f805f133d3f7@xxxxxxxxxx ?

If so, could you please tag the patch appropriately?

-Toke

Next message: Akhil P Oommen: "Re: [Freedreno] [PATCH v2] drm/msm/adreno: Make adreno quirks not overwrite each other"
Previous message: Sven Schnelle: "[PATCH v2 1/5] nolibc: fix fd_set type"
Next in thread: Fedor Pchelkin: "Re: [PATCH] wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]