| Message ID | 20250612090724.17777-1-fourier.thomas@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | drive/realtek/rtlwifi: fix possible memory leak | expand |
Hi Thomas, kernel test robot noticed the following build errors: [auto build test ERROR on wireless-next/main] [also build test ERROR on wireless/main linus/master v6.16-rc1 next-20250612] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Thomas-Fourier/drive-realtek-rtlwifi-fix-possible-memory-leak/20250612-171134 base: https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main patch link: https://lore.kernel.org/r/20250612090724.17777-1-fourier.thomas%40gmail.com patch subject: [PATCH] drive/realtek/rtlwifi: fix possible memory leak config: i386-randconfig-006-20250613 (https://download.01.org/0day-ci/archive/20250613/202506130644.NKPuRVsI-lkp@intel.com/config) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250613/202506130644.NKPuRVsI-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202506130644.NKPuRVsI-lkp@intel.com/ All errors (new ones prefixed by >>): drivers/net/wireless/realtek/rtlwifi/pci.c: In function '_rtl_pci_init_one_rxdesc': >> drivers/net/wireless/realtek/rtlwifi/pci.c:577:39: error: expected ';' before 'return' 577 | kfree_skb(skb) | ^ | ; 578 | return 0; | ~~~~~~ vim +577 drivers/net/wireless/realtek/rtlwifi/pci.c 550 551 static int _rtl_pci_init_one_rxdesc(struct ieee80211_hw *hw, 552 struct sk_buff *new_skb, u8 *entry, 553 int rxring_idx, int desc_idx) 554 { 555 struct rtl_priv *rtlpriv = rtl_priv(hw); 556 struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); 557 u32 bufferaddress; 558 u8 tmp_one = 1; 559 struct sk_buff *skb; 560 561 if (likely(new_skb)) { 562 skb = new_skb; 563 goto remap; 564 } 565 skb = dev_alloc_skb(rtlpci->rxbuffersize); 566 if (!skb) 567 return 0; 568 569 remap: 570 /* just set skb->cb to mapping addr for pci_unmap_single use */ 571 *((dma_addr_t *)skb->cb) = 572 dma_map_single(&rtlpci->pdev->dev, skb_tail_pointer(skb), 573 rtlpci->rxbuffersize, DMA_FROM_DEVICE); 574 bufferaddress = *((dma_addr_t *)skb->cb); 575 if (dma_mapping_error(&rtlpci->pdev->dev, bufferaddress)) { 576 if (!new_skb) > 577 kfree_skb(skb) 578 return 0; 579 } 580 rtlpci->rx_ring[rxring_idx].rx_buf[desc_idx] = skb; 581 if (rtlpriv->use_new_trx_flow) { 582 /* skb->cb may be 64 bit address */ 583 rtlpriv->cfg->ops->set_desc(hw, (u8 *)entry, false, 584 HW_DESC_RX_PREPARE, 585 (u8 *)(dma_addr_t *)skb->cb); 586 } else { 587 rtlpriv->cfg->ops->set_desc(hw, (u8 *)entry, false, 588 HW_DESC_RXBUFF_ADDR, 589 (u8 *)&bufferaddress); 590 rtlpriv->cfg->ops->set_desc(hw, (u8 *)entry, false, 591 HW_DESC_RXPKT_LEN, 592 (u8 *)&rtlpci->rxbuffersize); 593 rtlpriv->cfg->ops->set_desc(hw, (u8 *)entry, false, 594 HW_DESC_RXOWN, 595 (u8 *)&tmp_one); 596 } 597 return 1; 598 } 599
The subject should be unique and with rtw-next tag, such as "[PATCH rtw-next] wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()." Thomas Fourier <fourier.thomas@gmail.com> wrote: > When `dma_mapping_error()` is true, if a new `skb` has been allocated, > then it must be de-allocated. Add a "Compile tested only". (I guess you even didn't) > > Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com> > --- > drivers/net/wireless/realtek/rtlwifi/pci.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c > index 898f597f70a9..f754f1c3f783 100644 > --- a/drivers/net/wireless/realtek/rtlwifi/pci.c > +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c > @@ -572,8 +572,11 @@ static int _rtl_pci_init_one_rxdesc(struct ieee80211_hw *hw, > dma_map_single(&rtlpci->pdev->dev, skb_tail_pointer(skb), > rtlpci->rxbuffersize, DMA_FROM_DEVICE); > bufferaddress = *((dma_addr_t *)skb->cb); > - if (dma_mapping_error(&rtlpci->pdev->dev, bufferaddress)) > + if (dma_mapping_error(&rtlpci->pdev->dev, bufferaddress)) { > + if (!new_skb) > + kfree_skb(skb) kernel test robot reported error here. > return 0; > + } > rtlpci->rx_ring[rxring_idx].rx_buf[desc_idx] = skb; > if (rtlpriv->use_new_trx_flow) { > /* skb->cb may be 64 bit address */ > -- > 2.43.0
diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c index 898f597f70a9..f754f1c3f783 100644 --- a/drivers/net/wireless/realtek/rtlwifi/pci.c +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c @@ -572,8 +572,11 @@ static int _rtl_pci_init_one_rxdesc(struct ieee80211_hw *hw, dma_map_single(&rtlpci->pdev->dev, skb_tail_pointer(skb), rtlpci->rxbuffersize, DMA_FROM_DEVICE); bufferaddress = *((dma_addr_t *)skb->cb); - if (dma_mapping_error(&rtlpci->pdev->dev, bufferaddress)) + if (dma_mapping_error(&rtlpci->pdev->dev, bufferaddress)) { + if (!new_skb) + kfree_skb(skb) return 0; + } rtlpci->rx_ring[rxring_idx].rx_buf[desc_idx] = skb; if (rtlpriv->use_new_trx_flow) { /* skb->cb may be 64 bit address */
When `dma_mapping_error()` is true, if a new `skb` has been allocated, then it must be de-allocated. Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com> --- drivers/net/wireless/realtek/rtlwifi/pci.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)