On Fri, 2021-07-23 at 13:09 +0800, Dongliang Mu wrote:

The commit beee24695157 ("cfg80211: Save the regulatory domain when
setting custom regulatory") forgets to free the newly allocated regd
object.

Not really? It's not forgetting it, it just saves it?

+       new_regd = reg_copy_regd(regd);
+       if (IS_ERR(new_regd))
+               return;
+
+       tmp = get_wiphy_regdom(wiphy);
+       rcu_assign_pointer(wiphy->regd, new_regd);
+       rcu_free_regdom(tmp);

Fix this by freeing the regd object in the error handling code and
deletion function - mac80211_hwsim_del_radio.

This can't be right - the same would affect all other users of that
function, no?

Perhaps somewhere we have a case where wiphy->regd is leaked, but than
that should be fixed more generally in cfg80211?

johannes