From: Laurent Vivier <lvivier@redhat.com>
To: P J P <ppandit@redhat.com>, Qemu Developers <qemu-devel@nongnu.org>
Cc: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Prasad J Pandit <pjp@fedoraproject.org>
Subject: Re: [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers
Date: Tue, 16 Feb 2016 11:56:13 +0100 [thread overview]
Message-ID: <56C3004D.1010008@redhat.com> (raw)
In-Reply-To: <1455617054-8481-1-git-send-email-ppandit@redhat.com>
On 16/02/2016 11:04, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> When transitioning an OHCI controller to the OHCI_USB_OPERATIONAL
> state, it creates an eof timer object in 'ohci_bus_start'.
> It does not check if one already exists. This results in memory
> leakage and null dereference issue. Add a check to avoid it.
>
> Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
> ---
> hw/usb/hcd-ohci.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
> index 7d65818..15f0b44 100644
> --- a/hw/usb/hcd-ohci.c
> +++ b/hw/usb/hcd-ohci.c
> @@ -1331,11 +1331,11 @@ static void ohci_frame_boundary(void *opaque)
> */
> static int ohci_bus_start(OHCIState *ohci)
> {
> - ohci->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
> - ohci_frame_boundary,
> - ohci);
> -
> - if (ohci->eof_timer == NULL) {
> + if (!ohci->eof_timer) {
> + ohci->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
> + ohci_frame_boundary, ohci);
> + }
> + if (!ohci->eof_timer) {
> trace_usb_ohci_bus_eof_timer_failed(ohci->name);
> ohci_die(ohci);
> return 0;
>
next prev parent reply other threads:[~2016-02-16 10:56 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-16 10:04 [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers P J P
2016-02-16 10:56 ` Laurent Vivier [this message]
2016-02-16 14:17 ` Gerd Hoffmann
2016-02-16 17:32 ` P J P
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56C3004D.1010008@redhat.com \
--to=lvivier@redhat.com \
--cc=kraxel@redhat.com \
--cc=pjp@fedoraproject.org \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=zuozhi.fzz@alibaba-inc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.