From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: greg@kroah.com, linux-serial@vger.kernel.org
Subject: [PATCH 8/8] n_gsm: memory leak in uplink error path
Date: Mon, 13 Aug 2012 13:45:30 +0100
Message-ID: <20120813124525.6125.10943.stgit@localhost.localdomain>
In-Reply-To: <20120813124254.6125.70371.stgit@localhost.localdomain>

From: Russ Gorby <russ.gorby@intel.com>

Uplink (TX) network data will go through gsm_dlci_data_output_framed.
There is a bug where, if memory allocation fails, the skb which
has already been pulled off the list will be lost.

In addition, TX skbs were being processed in LIFO order.

Fixed the memory leak, and changed to FIFO order processing.

Signed-off-by: Russ Gorby <russ.gorby@intel.com>
Tested-by: Kappel, LaurentX <laurentx.kappel@intel.com>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Cc: Showjumping <stable@kernel.org>
---

 drivers/tty/n_gsm.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 17c9e94..793bc38 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -868,7 +868,7 @@ static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
 
 	/* dlci->skb is locked by tx_lock */
 	if (dlci->skb == NULL) {
-		dlci->skb = skb_dequeue(&dlci->skb_list);
+		dlci->skb = skb_dequeue_tail(&dlci->skb_list);
 		if (dlci->skb == NULL)
 			return 0;
 		first = 1;
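Review bot: at the change from skb_dequeue to skb_dequeue_tail, whether the result is FIFO depends on which end of dlci->skb_list the producers add to, and no enqueue site appears in this patch. A short comment at the dequeue stating the queue direction (which end producers add to, which end TX takes from) would make the ordering checkable from this function alone. The ordering change is also independent of the leak fix in the msg == NULL path, and with the stable Cc it would be easier to review and backport as its own patch.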
@@ -892,8 +892,11 @@ static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
 
 	/* FIXME: need a timer or something to kick this so it can't
 	   get stuck with no work outstanding and no buffer free */
-	if (msg == NULL)
+	if (msg == NULL) {
+		skb_queue_tail(&dlci->skb_list, dlci->skb);
+		dlci->skb = NULL;
 		return -ENOMEM;
+	}
 	dp = msg->data;
 
 	if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
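Review bot: the new msg == NULL branch requeues and clears dlci->skb unconditionally, including when dlci->skb was already set on entry and was not dequeued by this call. On the retry, the dequeue block in the first hunk then sets first = 1 again for that skb; please confirm this is correct for an skb that is already in progress, or requeue only when this call did the dequeue. The skb_queue_tail here pairs with skb_dequeue_tail above so the same skb is retried next, which deserves a one-line comment, and the FIXME above still applies: nothing in these lines restarts transmission after -ENOMEM is returned.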

