On Tue, Jun 25, 2019 at 11:51:36PM +0200, Pavel Machek wrote:
Hi!
From: Eric Biggers ebiggers@google.com
commit 4f488fbca2a86cc7714a128952eead92cac279ab upstream.
In wiphy_new_nm(), if an error occurs after dev_set_name() and device_initialize() have already been called, it's necessary to call put_device() (via wiphy_free()) to avoid a memory leak.
....
--- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -498,7 +498,7 @@ use_default_name: &rdev->rfkill_ops, rdev); if (!rdev->rfkill) {
kfree(rdev);
wiphy_free(&rdev->wiphy);Is kfree(rdev) still neccessary? drivers/net/wireless/marvell/libertas/cfg.c seems to suggest so.
No, because it's freed by:
wiphy_free() => put_device() => wiphy_dev_release() => cfg80211_dev_free() => kfree(rdev)
drivers/net/wireless/marvell/libertas/cfg.c is different because there the struct wiphy is separately allocated from the struct wireless_dev that's being freed afterwards.
- Eric