Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 18 Apr 2025 14:37:28 GMT
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: e273079ac52d - stable/14 - LinuxKPI: 802.11: plug mbuf leak
Message-ID:  <202504181437.53IEbSlD092320@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=e273079ac52d8b2ee9d6a5578cc15dc09a705df8

commit e273079ac52d8b2ee9d6a5578cc15dc09a705df8
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-04-13 16:13:22 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-04-18 14:36:03 +0000

    LinuxKPI: 802.11: plug mbuf leak
    
    Now that we are doing VHT it is possible to overflow the mbufqs
    we use in the TX and RX paths.  Check the return code of mbufq_enqueue()
    deal with any error accordingly and propagate it.
    
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit c816f64e66a0d21196ede35da3eca19e54b59a03)
---
 sys/compat/linuxkpi/common/src/linux_80211.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c
index 11c0077fe571..3dba41a4e547 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.c
+++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -4530,6 +4530,7 @@ lkpi_xmit(struct ieee80211_node *ni, struct mbuf *m,
     bool freem)
 {
 	struct lkpi_sta *lsta;
+	int error;
 
 	lsta = ni->ni_drv_data;
 	LKPI_80211_LSTA_TXQ_LOCK(lsta);
@@ -6442,7 +6443,7 @@ linuxkpi_ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
 	struct ieee80211vap *vap;
 	struct ieee80211_hdr *hdr;
 	struct lkpi_sta *lsta;
-	int i, offset, ok;
+	int i, offset, ok, error;
 	uint8_t rssi;
 	bool is_beacon;
 
@@ -6656,7 +6657,18 @@ skip_device_ts:
 		goto err;
 	}
 
-	mbufq_enqueue(&lhw->rxq, m);
+	error = mbufq_enqueue(&lhw->rxq, m);
+	if (error != 0) {
+		LKPI_80211_LHW_RXQ_UNLOCK(lhw);
+		m_freem(m);
+		counter_u64_add(ic->ic_ierrors, 1);
+#ifdef LINUXKPI_DEBUG_80211
+		if (linuxkpi_debug_80211 & D80211_TRACE_RX)
+			ic_printf(ni->ni_ic, "%s: mbufq_enqueue failed: %d\n",
+			    __func__, error);
+#endif
+		goto err;
+	}
 	taskqueue_enqueue(taskqueue_thread, &lhw->rxq_task);
 	LKPI_80211_LHW_RXQ_UNLOCK(lhw);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202504181437.53IEbSlD092320>