CVE-2024-40942

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: mesh: Fix leak of meshpreqqueue objects

The hwmp code use objects of type meshpreqqueue, added to a list in ieee80211ifmesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix this by flushing all corresponding items of the preqqueue in meshpathflushpending().

This should take care of KASAN reports like this:

unreferenced object 0xffff00000668d800 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419552 (age 1836.444s) hex dump (first 32 bytes): 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h..... 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>........... backtrace: [<000000007302a0b6>] _kmemcacheallocnode+0x1e0/0x35c [<00000000049bd418>] kmalloctrace+0x34/0x80 [<0000000000d792bb>] meshqueuepreq+0x44/0x2a8 [<00000000c99c3696>] meshnexthopresolve+0x198/0x19c [<00000000926bf598>] ieee80211xmit+0x1d0/0x1f4 [<00000000fc8c2284>] _ieee80211subifstartxmit+0x30c/0x764 [<000000005926ee38>] ieee80211subifstartxmit+0x9c/0x7a4 [<000000004c86e916>] devhardstartxmit+0x174/0x440 [<0000000023495647>] _devqueuexmit+0xe24/0x111c [<00000000cfe9ca78>] batadvsendskbpacket+0x180/0x1e4 [<000000007bacc5d5>] batadvvelpperiodicwork+0x2f4/0x508 [<00000000adc3cd94>] processonework+0x4b8/0xa1c [<00000000b36425d1>] workerthread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] retfromfork+0x10/0x20 unreferenced object 0xffff000009051f00 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419553 (age 1836.440s) hex dump (first 32 bytes): 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h..... 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy..... backtrace: [<000000007302a0b6>] _kmemcacheallocnode+0x1e0/0x35c [<00000000049bd418>] kmalloctrace+0x34/0x80 [<0000000000d792bb>] meshqueuepreq+0x44/0x2a8 [<00000000c99c3696>] meshnexthopresolve+0x198/0x19c [<00000000926bf598>] ieee80211xmit+0x1d0/0x1f4 [<00000000fc8c2284>] _ieee80211subifstartxmit+0x30c/0x764 [<000000005926ee38>] ieee80211subifstartxmit+0x9c/0x7a4 [<000000004c86e916>] devhardstartxmit+0x174/0x440 [<0000000023495647>] _devqueuexmit+0xe24/0x111c [<00000000cfe9ca78>] batadvsendskbpacket+0x180/0x1e4 [<000000007bacc5d5>] batadvvelpperiodicwork+0x2f4/0x508 [<00000000adc3cd94>] processonework+0x4b8/0xa1c [<00000000b36425d1>] workerthread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] retfromfork+0x10/0x20