Re: [PATCH] wifi: p54: Fix memory leak in p54_beacon_update()

Next message: Dirk Behme: "Re: [PATCH 3/6] rust: add `bitfield!` macro"
Previous message: Mark Brown: "Re: linux-next: manual merge of the mm-nonmm-unstable tree with the spdx tree"
In reply to: Johannes Berg: "Re: [PATCH] wifi: p54: Fix memory leak in p54_beacon_update()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Zilin Guan

Date: Tue Jan 20 2026 - 07:47:39 EST

On Tue, Jan 20, 2026 at 09:16:05AM +0100, Johannes Berg wrote:
> On Mon, 2026-01-19 at 11:31 +0000, Zilin Guan wrote:
> > In p54_beacon_update(), beacon is allocated via ieee80211_beacon_get().
> > If p54_beacon_format_ie_tim() fails, the function returns immediately
> > without freeing the allocated beacon skb, leading to a memory leak.
> >
> > Since no other references to this memory exist, it must be freed locally
> > before returning the error. Fix this by freeing the buffer using
> > dev_kfree_skb_any() in the error path.
> >
> > Compile tested only. Issue found using a prototype static analysis tool
> > and code review.
> >
> > Fixes: 0ac0d6cedf61 ("p54: Move mac80211 glue code")
>
> That doesn't seem right, although that commit didn't really "move" code,
> it added unused code ... but I think that it probably could go further
> back.
>
> johannes

Thanks for pointing this out. I traced it further back and found the issue
was introduced in commit e5ea92a7528d ("p54: AP & Ad-hoc testing").

I will update the Fixes tag and send v2.

Regards,
Zilin Guan