wifi: iwlwifi: mvm: fix ptk_pn memory leak

If adding a key to firmware fails we leak the allocated ptk_pn.
This shouldn't happen in practice, but we should still fix it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.99446ffd02bc.I82a2ad6ec1395f188e0a1677cc619e3fcb1feac9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index 1670c2cef4c35faab41156c265428765230047ef..540d6e3e30d4861f115c279001c29b3b35115809 100644 (file)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -4107,7 +4107,7 @@ static int __iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
        struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
        struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
        struct iwl_mvm_sta *mvmsta = NULL;
-       struct iwl_mvm_key_pn *ptk_pn;
+       struct iwl_mvm_key_pn *ptk_pn = NULL;
        int keyidx = key->keyidx;
        u32 sec_key_id = WIDE_ID(DATA_PATH_GROUP, SEC_KEY_CMD);
        u8 sec_key_ver = iwl_fw_lookup_cmd_ver(mvm->fw, sec_key_id, 0);
@@ -4265,6 +4265,10 @@ static int __iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
                if (ret) {
                        IWL_WARN(mvm, "set key failed\n");
                        key->hw_key_idx = STA_KEY_IDX_INVALID;
+                       if (ptk_pn) {
+                               RCU_INIT_POINTER(mvmsta->ptk_pn[keyidx], NULL);
+                               kfree(ptk_pn);
+                       }
                        /*
                         * can't add key for RX, but we don't need it
                         * in the device for TX so still return 0,