From: Zilin Guan Date: Thu, 22 Jan 2026 08:59:45 +0000 (+0000) Subject: wifi: p54: Fix memory leak in p54_beacon_update() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b50d9c06c275419ac36de8b5a5dd1ed6b522770;p=thirdparty%2Fkernel%2Flinux.git wifi: p54: Fix memory leak in p54_beacon_update() In p54_beacon_update(), beacon is allocated via ieee80211_beacon_get(). If p54_beacon_format_ie_tim() fails, the function returns immediately without freeing the allocated beacon skb, which would lead to a memory leak. Since no other references to this memory exist, it must be freed locally before returning the error. Fix this by freeing the buffer using dev_kfree_skb_any() in the error path. Note that this error path is unreachable in practice because mac80211 guarantees a minimum TIM length of 4 bytes for non-S1G devices. This change primarily serves to silence static analysis warnings and keep the error handling logic complete. Compile tested only. Issue found using a prototype static analysis tool and code review. Signed-off-by: Zilin Guan Acked-by: Christian Lamparter Link: https://patch.msgid.link/20260122085945.444955-1-zilin@seu.edu.cn Signed-off-by: Johannes Berg --- diff --git a/drivers/net/wireless/intersil/p54/main.c b/drivers/net/wireless/intersil/p54/main.c index 2ec3655f1a9c0..57a62108cbc35 100644 --- a/drivers/net/wireless/intersil/p54/main.c +++ b/drivers/net/wireless/intersil/p54/main.c @@ -143,8 +143,10 @@ static int p54_beacon_update(struct p54_common *priv, if (!beacon) return -ENOMEM; ret = p54_beacon_format_ie_tim(beacon); - if (ret) + if (ret) { + dev_kfree_skb_any(beacon); return ret; + } /* * During operation, the firmware takes care of beaconing.