ieee802154: hwsim: Fix possible memory leaks

After replacing e->info, it is necessary to free the old einfo.

Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb")
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: Chen Aotian <chenaotian2@163.com>
Link: https://lore.kernel.org/r/20230409022048.61223-1-chenaotian2@163.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>

diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c
index 8445c2189d11664ab4910cc8f03e622790ba7b06..31cba9aa76366467aeb7175bb8b02cf60e77f133 100644 (file)
--- a/drivers/net/ieee802154/mac802154_hwsim.c
+++ b/drivers/net/ieee802154/mac802154_hwsim.c
@@ -685,7 +685,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info)
 static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
 {
        struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1];
-       struct hwsim_edge_info *einfo;
+       struct hwsim_edge_info *einfo, *einfo_old;
        struct hwsim_phy *phy_v0;
        struct hwsim_edge *e;
        u32 v0, v1;
@@ -723,8 +723,10 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
        list_for_each_entry_rcu(e, &phy_v0->edges, list) {
                if (e->endpoint->idx == v1) {
                        einfo->lqi = lqi;
-                       rcu_assign_pointer(e->info, einfo);
+                       einfo_old = rcu_replace_pointer(e->info, einfo,
+                                                       lockdep_is_held(&hwsim_phys_lock));
                        rcu_read_unlock();
+                       kfree_rcu(einfo_old, rcu);
                        mutex_unlock(&hwsim_phys_lock);
                        return 0;
                }