On Thu, Dec 5, 2013 at 4:43 PM, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
> On Thu, 2013-12-05 at 16:36 +0200, Eliad Peller wrote:
>> On Thu, Dec 5, 2013 at 4:31 PM, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
>> > On Thu, 2013-12-05 at 11:21 +0200, Eliad Peller wrote:
>> >
>> >> @@ -219,8 +221,13 @@ void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
>> >> * the scan request or not ... if it accesses the dev
>> >> * in there (it shouldn't anyway) then it may crash.
>> >> */
>> >> - if (!leak)
>> >> - kfree(request);
>> >> + if (leak) {
>> >> + request->pending_cleanup = true;
>> >> + return;
>> >
>> > This seems insufficient, if the driver never indicates completion, we'd
>> > never clear rdev->scan_req?
>> >
>> right, but i think it somehow makes sense (i.e. the driver must
>> indicate completion...)?
>
> But the whole thing was intended to catch buggy drivers :)
>
yeah, you have a point here :)

anyway, i guess it's either leaking scan_req and hoping the driver
really forgot about it, or keeping it and hoping the driver will
finally indicate completion.
since i don't think this is a real-world scenario, i'm ok with
dropping this patch.

> Btw, should any of this go to 3.13?

maybe the first one. it's the only "real" issue.

Eliad.
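
Review bot: in the new `if (leak)` branch of `___cfg80211_scan_done()`, the early `return` after `request->pending_cleanup = true;` leaves the request allocated with no visible bound on its lifetime and no statement of who frees it once the flag is set. The comment above the branch still describes the old leak-or-free choice, so it should be updated to say which later call is expected to release a request marked `pending_cleanup`. Consider also a fallback release path that does not depend on the driver, so that the request and the `rdev->scan_req` reference raised in the reply are not held indefinitely when completion is never indicated.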