Finally got a usb athn device. I can confirm that this codepath is hit
in hostap mode and the device still works with the patch.
athn0 at uhub4 port 2 configuration 1 interface 0 "ATHEROS USB2.0 WLAN" rev
2.00/1.08 addr 3
athn0: AR9271 rev 1 (1T1R), ROM rev 13, address c4:e9:84:dc:27:11
Full dmesg below.
On Sun, 2 Dec 2018 10:15:44 +0100
Benjamin Baier <program...@netzbasis.de> wrote:
> On Sat, 1 Dec 2018 15:48:13 -0200
> Martin Pieuchot <m...@openbsd.org> wrote:
>
> > On 30/11/18(Fri) 13:49, Benjamin Baier wrote:
> > > Hi
> > >
> > > There is a leak of *arg in
> > > dev/usb/if_athn_usb.c:athn_usb_newauth() line 1263
> > > since Rev. 1.49
> > > Because athn_usb_do_async() memcpy's the argument anyway.
> > >
> > > Found with llvm/scan-build.
> > >
> > > Instead of adding free(arg) I opted to make this function
> > > more like the other ones which call athn_usb_do_async.
> > >
> > > Only compile tested... looking for tests.
> >
> > You should also remove the free(arg...) in athn_usb_newauth_cb().
> Indeed, new patch attached.
Index: if_athn_usb.c
===================================================================
RCS file: /cvs/src/sys/dev/usb/if_athn_usb.c,v
retrieving revision 1.51
diff -u -p -r1.51 if_athn_usb.c
--- if_athn_usb.c 6 Sep 2018 11:50:54 -0000 1.51
+++ if_athn_usb.c 2 Dec 2018 09:09:29 -0000
@@ -1202,8 +1202,6 @@ athn_usb_newauth_cb(struct athn_usb_soft
struct athn_node *an = (struct athn_node *)ni;
int s, error = 0;
- free(arg, M_DEVBUF, sizeof(*arg));
-
if (ic->ic_state != IEEE80211_S_RUN)
return;
@@ -1231,7 +1229,7 @@ athn_usb_newauth(struct ieee80211com *ic
struct ifnet *ifp = &ic->ic_if;
struct athn_node *an = (struct athn_node *)ni;
int nsta;
- struct athn_usb_newauth_cb_arg *arg;
+ struct athn_usb_newauth_cb_arg arg;
if (ic->ic_opmode != IEEE80211_M_HOSTAP)
return 0;
@@ -1254,12 +1252,9 @@ athn_usb_newauth(struct ieee80211com *ic
* In a process context, try to add this node to the
* firmware table and confirm the AUTH request.
*/
- arg = malloc(sizeof(*arg), M_DEVBUF, M_NOWAIT);
- if (arg == NULL)
- return ENOMEM;
- arg->ni = ieee80211_ref_node(ni);
- arg->seq = seq;
- athn_usb_do_async(usc, athn_usb_newauth_cb, arg, sizeof(*arg));
+ arg.ni = ieee80211_ref_node(ni);
+ arg.seq = seq;
+ athn_usb_do_async(usc, athn_usb_newauth_cb, &arg, sizeof(arg));
return EBUSY;
#else
return 0;
OpenBSD 6.4-current (GENERIC.MP) #492: Mon Dec 3 21:37:10 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8451125248 (8059MB)
avail mem = 8185712640 (7806MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries)
bios0: vendor LENOVO version "8DET69WW (1.39 )" date 07/18/2013
bios0: LENOVO 4287CTO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT
SSDT DMAR UEFI UEFI UEFI
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3)
EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.26 MHz, 06-2a-07
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf8000000, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 5 (EXP4)
acpiprt5 at acpi0: bus 13 (EXP5)
acpiprt6 at acpi0: bus -1 (EXP7)
acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
acpitz0 at acpi0: critical temperature is 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
acpicmos0 at acpi0
acpibat0 at acpi0: BAT0 model "42T4861" serial 12675 type LION oem "SANYO"
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
"IBM0079" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpidock0 at acpi0: GDCK docked (15)
acpivideo0 at acpi0: VID_
acpivout at acpivideo0 not configured
acpivideo1 at acpi0: VID_
cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600,
1400, 1200, 1000, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 3000" rev 0x09
drm0 at inteldrm0
inteldrm0: msi
inteldrm0: 1366x768, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address
f0:de:f1:cd:a7:0f
ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 16
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00
addr 1
azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x04: msi
azalia0: codecs: Conexant CX20590, Intel/0x2805, using Conexant CX20590
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb4: msi
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 "Intel 6 Series PCIE" rev 0xb4: msi
pci2 at ppb1 bus 3
iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi,
MIMO 2T2R, MoW, address 10:0b:a9:9e:65:34
ppb2 at pci0 dev 28 function 3 "Intel 6 Series PCIE" rev 0xb4: msi
pci3 at ppb2 bus 5
ppb3 at pci0 dev 28 function 4 "Intel 6 Series PCIE" rev 0xb4: msi
pci4 at ppb3 bus 13
sdhc0 at pci4 dev 0 function 0 "Ricoh 5U823 SD/MMC" rev 0x04: apic 2 int 16
sdhc0: SDHC 3.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
ehci1 at pci0 dev 29 function 0 "Intel 6 Series USB" rev 0x04: apic 2 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00
addr 1
pcib0 at pci0 dev 31 function 0 "Intel QM67 LPC" rev 0x04
ahci0 at pci0 dev 31 function 2 "Intel 6 Series AHCI" rev 0x04: msi, AHCI 1.3
ahci0: port 0: 6.0Gb/s
ahci0: port 1: 1.5Gb/s
ahci0: port 2: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, SanDisk SD6SB1M1, X230> SCSI3 0/direct
fixed naa.5001b449c700768f
sd0: 122104MB, 512 bytes/sector, 250069680 sectors, thin
cd0 at scsibus1 targ 1 lun 0: <Optiarc, DVD RW AD-7930H, 1.D1> ATAPI 5/cdrom
removable
sd1 at scsibus1 targ 2 lun 0: <ATA, TOSHIBA THNSNH25, HTGA> SCSI3 0/direct
fixed naa.500080db000064dc
sd1: 244198MB, 512 bytes/sector, 500118192 sectors, thin
ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 2 int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
wsmouse1 at pms0 mux 0
pms0: Synaptics clickpad, firmware 8.0, 0x1e2b1 0x940300
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
aps0 at isa0 port 0x1600/31
vmm0 at mainbus0: VMX/EPT
uhub2 at uhub0 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev
2.00/0.00 addr 2
uhub3 at uhub2 port 1 configuration 1 interface 0 "Standard Microsystems
product 0x2514" rev 2.00/0.00 addr 3
uhidev0 at uhub3 port 2 configuration 1 interface 0 "TypeMatrix.com USB
Keyboard" rev 1.10/1.50 addr 4
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub3 port 2 configuration 1 interface 1 "TypeMatrix.com USB
Keyboard" rev 1.10/1.50 addr 4
uhidev1: iclass 3/1, 3 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
uhid2 at uhidev1 reportid 3: input=2, output=1, feature=0
uhidev2 at uhub3 port 4 configuration 1 interface 0 "SteelSeries Kinzu V2
Gaming Mouse" rev 1.10/0.96 addr 5
uhidev2: iclass 3/0
uhid3 at uhidev2: input=32, output=32, feature=255
uhidev3 at uhub3 port 4 configuration 1 interface 1 "SteelSeries Kinzu V2
Gaming Mouse" rev 1.10/0.96 addr 5
uhidev3: iclass 3/1
ums0 at uhidev3: 8 buttons, Z dir
wsmouse2 at ums0 mux 0
ugen0 at uhub2 port 4 "Broadcom Corp Broadcom Bluetooth Device" rev 2.00/7.48
addr 6
uvideo0 at uhub2 port 6 configuration 1 interface 0 "Chicony Electronics Co.,
Ltd. Integrated Camera" rev 2.00/8.54 addr 7
video0 at uvideo0
uhub4 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev
2.00/0.00 addr 2
athn0 at uhub4 port 2 configuration 1 interface 0 "ATHEROS USB2.0 WLAN" rev
2.00/1.08 addr 3
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 0, 006> SCSI2 0/direct fixed
sd2: 223732MB, 512 bytes/sector, 458204672 sectors
root on sd1a (cb2b25d2bc04572e.a) swap on sd1b dump on sd1b
athn0: AR9271 rev 1 (1T1R), ROM rev 13, address c4:e9:84:dc:27:11
wskbd1: disconnecting from wsdisplay0
wskbd1 detached
ukbd0 detached
uhidev0 detached
uhid0 detached
uhid1 detached
uhid2 detached
uhidev1 detached
uhidev0 at uhub3 port 2 configuration 1 interface 0 "TypeMatrix.com USB
Keyboard" rev 1.10/1.50 addr 4
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub3 port 2 configuration 1 interface 1 "TypeMatrix.com USB
Keyboard" rev 1.10/1.50 addr 4
uhidev1: iclass 3/1, 3 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=2, output=0, feature=0
uhid2 at uhidev1 reportid 3: input=2, output=1, feature=0
