lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jul 2017 10:21:36 +0800 From: Lu Baolu <baolu.lu@...ux.intel.com> To: Mathias Nyman <mathias.nyman@...ux.intel.com> Cc: linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, zhengjun.xing@...ux.intel.com, Lu Baolu <baolu.lu@...ux.intel.com> Subject: [PATCH v2 3/5] usb: xhci: Fix memory leak when xhci_disable_slot() returns error If xhci_disable_slot() returns success, a disable slot command trb was queued in the command ring. The command completion handler will free the virtual device data structure associated with the slot. On the other hand, when xhci_disable_slot() returns error, the invokers should take the responsibilities to free the slot related data structure. Otherwise, memory leakage happens. Signed-off-by: Lu Baolu <baolu.lu@...ux.intel.com> --- drivers/usb/host/xhci.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index cb2461a..2df601e 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3547,11 +3547,9 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) del_timer_sync(&virt_dev->eps[i].stop_cmd_timer); } - xhci_disable_slot(xhci, udev->slot_id); - /* - * Event command completion handler will free any data structures - * associated with the slot. XXX Can free sleep? - */ + ret = xhci_disable_slot(xhci, udev->slot_id); + if (ret) + xhci_free_virt_device(xhci, udev->slot_id); } int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id) @@ -3697,7 +3695,11 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev) return 1; disable_slot: - return xhci_disable_slot(xhci, udev->slot_id); + ret = xhci_disable_slot(xhci, udev->slot_id); + if (ret) + xhci_free_virt_device(xhci, udev->slot_id); + + return 0; } /* -- 2.7.4
Powered by blists - more mailing lists