[PATCH] can: ems_usb: fix a leak in ems_usb_start

linux-can.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] can: ems_usb: fix a leak in ems_usb_start_xmit()
@ 2013-12-06 20:51 Alexey Khoroshilov
  2013-12-06 22:28 ` Oliver Hartkopp
  0 siblings, 1 reply; 3+ messages in thread
From: Alexey Khoroshilov @ 2013-12-06 20:51 UTC (permalink / raw)
  To: Wolfgang Grandegger
  Cc: Alexey Khoroshilov, Marc Kleine-Budde, linux-can, netdev,
	linux-kernel, ldv-project

There is spare code with obvious misprint in ems_usb_start_xmit():
usb_free_urb() should be used to deallocate urb instead of usb_unanchor_urb().

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
 drivers/net/can/usb/ems_usb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/can/usb/ems_usb.c b/drivers/net/can/usb/ems_usb.c
index 5f9a7ad9b964..beae1ec255f4 100644
--- a/drivers/net/can/usb/ems_usb.c
+++ b/drivers/net/can/usb/ems_usb.c
@@ -798,7 +798,7 @@ static netdev_tx_t ems_usb_start_xmit(struct sk_buff *skb, struct net_device *ne
 	 * allowed (MAX_TX_URBS).
 	 */
 	if (!context) {
-		usb_unanchor_urb(urb);
+		usb_free_urb(urb);
 		usb_free_coherent(dev->udev, size, buf, urb->transfer_dma);
 
 		netdev_warn(netdev, "couldn't find free context\n");
-- 
1.8.3.2

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] can: ems_usb: fix a leak in ems_usb_start_xmit()
  2013-12-06 20:51 [PATCH] can: ems_usb: fix a leak in ems_usb_start_xmit() Alexey Khoroshilov
@ 2013-12-06 22:28 ` Oliver Hartkopp
  2013-12-06 22:57   ` Alexey Khoroshilov
  0 siblings, 1 reply; 3+ messages in thread
From: Oliver Hartkopp @ 2013-12-06 22:28 UTC (permalink / raw)
  To: Alexey Khoroshilov, Wolfgang Grandegger
  Cc: Marc Kleine-Budde, linux-can, netdev, linux-kernel, ldv-project





Alexey Khoroshilov <khoroshilov@ispras.ru> schrieb:
>There is spare code with obvious misprint in ems_usb_start_xmit():
>usb_free_urb() should be used to deallocate urb instead of
>usb_unanchor_urb().
>
>Found by Linux Driver Verification project (linuxtesting.org).
>
>Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
>---
> drivers/net/can/usb/ems_usb.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/net/can/usb/ems_usb.c
>b/drivers/net/can/usb/ems_usb.c
>index 5f9a7ad9b964..beae1ec255f4 100644
>--- a/drivers/net/can/usb/ems_usb.c
>+++ b/drivers/net/can/usb/ems_usb.c
>@@ -798,7 +798,7 @@ static netdev_tx_t ems_usb_start_xmit(struct
>sk_buff *skb, struct net_device *ne
> 	 * allowed (MAX_TX_URBS).
> 	 */
> 	if (!context) {
>-		usb_unanchor_urb(urb);
>+		usb_free_urb(urb);
> 		usb_free_coherent(dev->udev, size, buf, urb->transfer_dma);
> 

looks like you are introducing a new use after free problem here ...

> 		netdev_warn(netdev, "couldn't find free context\n");

-- 
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] can: ems_usb: fix a leak in ems_usb_start_xmit()
  2013-12-06 22:28 ` Oliver Hartkopp
@ 2013-12-06 22:57   ` Alexey Khoroshilov
  0 siblings, 0 replies; 3+ messages in thread
From: Alexey Khoroshilov @ 2013-12-06 22:57 UTC (permalink / raw)
  To: Oliver Hartkopp, Wolfgang Grandegger
  Cc: Marc Kleine-Budde, linux-can, netdev, linux-kernel, ldv-project

On 07.12.2013 02:28, Oliver Hartkopp wrote:
> Alexey Khoroshilov <khoroshilov@ispras.ru> schrieb:
>> There is spare code with obvious misprint in ems_usb_start_xmit():
>> usb_free_urb() should be used to deallocate urb instead of
>> usb_unanchor_urb().
>>
>> Found by Linux Driver Verification project (linuxtesting.org).
>>
>> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
>> ---
>> drivers/net/can/usb/ems_usb.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/net/can/usb/ems_usb.c
>> b/drivers/net/can/usb/ems_usb.c
>> index 5f9a7ad9b964..beae1ec255f4 100644
>> --- a/drivers/net/can/usb/ems_usb.c
>> +++ b/drivers/net/can/usb/ems_usb.c
>> @@ -798,7 +798,7 @@ static netdev_tx_t ems_usb_start_xmit(struct
>> sk_buff *skb, struct net_device *ne
>> 	 * allowed (MAX_TX_URBS).
>> 	 */
>> 	if (!context) {
>> -		usb_unanchor_urb(urb);
>> +		usb_free_urb(urb);
>> 		usb_free_coherent(dev->udev, size, buf, urb->transfer_dma);
>>
> looks like you are introducing a new use after free problem here ...
>
You are right. usb_free_urb(urb) should be one line below.

I will resend the patch with one more similar fix in the driver.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2013-12-06 22:57 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-12-06 20:51 [PATCH] can: ems_usb: fix a leak in ems_usb_start_xmit() Alexey Khoroshilov
2013-12-06 22:28 ` Oliver Hartkopp
2013-12-06 22:57   ` Alexey Khoroshilov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).