> Lorenzo Bianconi <lorenzo@xxxxxxxxxx> writes:
>
> >> Lorenzo Bianconi <lorenzo@xxxxxxxxxx> writes:
> >>
> >> > If the fragment is discarded in mt76_add_fragment() since shared_info
> >> > frag array is full, discard truncated frames and do not forward them to
> >> > mac80211.
> >> >
> >> > Signed-off-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
> >>
> >> Should there be a Fixes line? I can add it.
> >
> > I am not sure it needs a Fixes tag.
>
> I think the commit log should have some kind of description about the
> background of the issue, for example if this is a recent regression or
> has been there forever etc.
Agree. Can you please check the commit log below?
Regards,
Lorenzo
"
Commit 'b102f0c522cf6 ("mt76: fix array overflow on receiving too many
fragments for a packet")' fixes a possible OOB access but it introduces a
memory leak since the pending frame is not released to page_frag_cache if
the frag array of skb_shared_info is full.
Commit '93a1d4791c10 ("mt76: dma: fix a possible memory leak in
mt76_add_fragment()")' fixes the issue but does not free the truncated skb that
is forwarded to mac80211 layer. Fix the leftover issue discarding even truncated
skbs.
"
>
> --
> https://patchwork.kernel.org/project/linux-wireless/list/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Attachment:
signature.asc
Description: PGP signature
