1. Patchew
  2. linux
  3. View series

[PATCH v2 v2] wifi: wilc1000: fix dma_buffer leak on bus acquire failure

Shitalkumar Gandhi posted 1 patch 1 month ago 
drivers/net/wireless/microchip/wilc1000/wlan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH v2 v2] wifi: wilc1000: fix dma_buffer leak on bus acquire failure
Posted by Shitalkumar Gandhi 1 month ago 
wilc_wlan_firmware_download() allocates dma_buffer with kmalloc() at
the top of the function and uses a 'fail:' label to free it via
kfree(dma_buffer) on error.

All later error paths correctly use 'goto fail' to route through this
cleanup. However, the early failure path after the first acquire_bus()
call uses a bare 'return ret;', which leaks dma_buffer whenever the bus
acquire fails.

Replace the early return with goto fail so the existing cleanup path
runs.

Found via a custom Coccinelle semantic patch hunting for kmalloc'd
locals leaked on early-return error paths in driver firmware-download
code.

Fixes: 1241c5650ff7 ("wifi: wilc1000: Fill in missing error handling")
Signed-off-by: Shitalkumar Gandhi <shitalkumar.gandhi@cambiumnetworks.com>
---
Changes since v1:
  - Corrected From: and Signed-off-by: to author's real identity
    (Shitalkumar Gandhi <shitalkumar.gandhi@cambiumnetworks.com>).
    v1 was sent with incorrect author attribution due to a local
    git config mistake. No code changes.

 drivers/net/wireless/microchip/wilc1000/wlan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/microchip/wilc1000/wlan.c b/drivers/net/wireless/microchip/wilc1000/wlan.c
index 3fa8592eb250..4b116fe6f9ea 100644
--- a/drivers/net/wireless/microchip/wilc1000/wlan.c
+++ b/drivers/net/wireless/microchip/wilc1000/wlan.c
@@ -1265,7 +1265,7 @@ int wilc_wlan_firmware_download(struct wilc *wilc, const u8 *buffer,
 
 	ret = acquire_bus(wilc, WILC_BUS_ACQUIRE_AND_WAKEUP);
 	if (ret)
-		return ret;
+		goto fail;
 
 	wilc->hif_func->hif_read_reg(wilc, WILC_GLB_RESET_0, &reg);
 	reg &= ~BIT(10);
-- 
2.25.1
Re: [PATCH v2 v2] wifi: wilc1000: fix dma_buffer leak on bus acquire failure
Posted by Simon Horman 4 weeks ago 
On Mon, May 11, 2026 at 09:57:32AM +0530, Shitalkumar Gandhi wrote:
> wilc_wlan_firmware_download() allocates dma_buffer with kmalloc() at
> the top of the function and uses a 'fail:' label to free it via
> kfree(dma_buffer) on error.
> 
> All later error paths correctly use 'goto fail' to route through this
> cleanup. However, the early failure path after the first acquire_bus()
> call uses a bare 'return ret;', which leaks dma_buffer whenever the bus
> acquire fails.
> 
> Replace the early return with goto fail so the existing cleanup path
> runs.
> 
> Found via a custom Coccinelle semantic patch hunting for kmalloc'd
> locals leaked on early-return error paths in driver firmware-download
> code.
> 
> Fixes: 1241c5650ff7 ("wifi: wilc1000: Fill in missing error handling")
> Signed-off-by: Shitalkumar Gandhi <shitalkumar.gandhi@cambiumnetworks.com>
> ---
> Changes since v1:
>   - Corrected From: and Signed-off-by: to author's real identity
>     (Shitalkumar Gandhi <shitalkumar.gandhi@cambiumnetworks.com>).
>     v1 was sent with incorrect author attribution due to a local
>     git config mistake. No code changes.

Reviewed-by: Simon Horman <horms@kernel.org>

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.