Re: [PATCH v2] brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
From: Andy Shevchenko
Date: Sun Jun 11 2017 - 09:49:56 EST
On Sat, Jun 10, 2017 at 10:27 PM, Arend van Spriel
<arend.vanspriel@xxxxxxxxxxxx> wrote:
> On 03-06-17 17:36, Andy Shevchenko wrote:
>> On Sat, Jun 3, 2017 at 1:29 AM, Peter S. Housel <housel@xxxxxxx> wrote:
The following looks good to me.
Feel free to add
Reviewed-by: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>
> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
> @@ -705,7 +705,7 @@ int brcmf_sdiod_recv_pkt(struct brcmf_sdio_dev
> *sdiodev, struct sk_buff *pkt)
> int brcmf_sdiod_recv_chain(struct brcmf_sdio_dev *sdiodev,
> struct sk_buff_head *pktq, uint totlen)
> {
> - struct sk_buff *glom_skb;
> + struct sk_buff *glom_skb = NULL;
> struct sk_buff *skb;
> u32 addr = sdiodev->sbwad;
> int err = 0;
> @@ -726,10 +726,8 @@ int brcmf_sdiod_recv_chain(struct brcmf_sdio_dev
> *sdiodev,
> return -ENOMEM;
> err = brcmf_sdiod_buffrw(sdiodev, SDIO_FUNC_2, false, addr,
> glom_skb);
> - if (err) {
> - brcmu_pkt_buf_free_skb(glom_skb);
> + if (err)
> goto done;
> - }
>
> skb_queue_walk(pktq, skb) {
> memcpy(skb->data, glom_skb->data, skb->len);
> @@ -740,6 +738,7 @@ int brcmf_sdiod_recv_chain(struct brcmf_sdio_dev
> *sdiodev,
> pktq);
>
> done:
> + brcmu_pkt_buf_free_skb(glom_skb);
> return err;
> }
>
--
With Best Regards,
Andy Shevchenko