From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <1455632244.7504.102.camel@redhat.com>
From: Gerd Hoffmann
Date: Tue, 16 Feb 2016 15:17:24 +0100
In-Reply-To: <1455617054-8481-1-git-send-email-ppandit@redhat.com>
References: <1455617054-8481-1-git-send-email-ppandit@redhat.com>
Content-Type: multipart/mixed; boundary="=-DVdJ74V5T4VMabpkcfRg"
Mime-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers
To: P J P
Cc: Zuozhi Fzz, Qemu Developers, Prasad J Pandit

--=-DVdJ74V5T4VMabpkcfRg
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Di, 2016-02-16 at 15:34 +0530, P J P wrote:
> When transitioning an OHCI controller to the OHCI_USB_OPERATIONAL
> state, it creates an eof timer object in 'ohci_bus_start'.
> It does not check if one already exists. This results in memory
> leakage and null dereference issue. Add a check to avoid it.

Well, allocating and deallocating the timer all the time isn't a great
idea in the first place. Can you try the attached patch instead?

thanks,
  Gerd

--=-DVdJ74V5T4VMabpkcfRg
Content-Disposition: attachment; filename="0001-ohci-timer-fix.patch"
Content-Transfer-Encoding: base64
Content-Type: text/x-patch; name="0001-ohci-timer-fix.patch"; charset="UTF-8"

--=-DVdJ74V5T4VMabpkcfRg--
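
A toy C model of the leak the quoted report describes (a timer allocated on every bus start with no check for an existing one), set beside one alternative to allocating and deallocating on each transition. It is an added illustration, not code from this thread or from QEMU; `ToyTimer`, `ToyOhci`, the fixed pool and every function name are hypothetical stand-ins, and allocating once at device setup is an assumption about what the alternative looks like.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy stand-ins (hypothetical): not QEMU's timer API or its OHCIState. */
typedef struct { bool in_use, armed; } ToyTimer;
typedef struct { ToyTimer *eof_timer; } ToyOhci;

#define POOL 16
static ToyTimer pool[POOL];          /* fixed pool makes leaks countable */

static ToyTimer *toy_timer_new(void) {
    for (size_t i = 0; i < POOL; i++)
        if (!pool[i].in_use) { pool[i].in_use = true; return &pool[i]; }
    return NULL;                     /* pool exhausted */
}
static void toy_timer_free(ToyTimer *t) { if (t) t->in_use = t->armed = false; }
static void pool_reset(void) { for (size_t i = 0; i < POOL; i++) toy_timer_free(&pool[i]); }
static int live_timers(void) {
    int n = 0;
    for (size_t i = 0; i < POOL; i++) n += pool[i].in_use;
    return n;
}

/* Pattern from the quoted report: each start allocates a timer and
 * never checks whether an earlier start already left one in place. */
static void leaky_bus_start(ToyOhci *s) {
    s->eof_timer = toy_timer_new();  /* old pointer is overwritten */
    if (s->eof_timer) s->eof_timer->armed = true;
}
static void leaky_bus_stop(ToyOhci *s) { toy_timer_free(s->eof_timer); s->eof_timer = NULL; }

/* Allocate-once pattern: start and stop only arm and disarm. */
static bool once_init(ToyOhci *s) { return (s->eof_timer = toy_timer_new()) != NULL; }
static void once_bus_start(ToyOhci *s) { s->eof_timer->armed = true; }
static void once_bus_stop(ToyOhci *s) { s->eof_timer->armed = false; }

/* n back-to-back starts then one stop; returns timers still allocated. */
int leaked_by_realloc_on_start(int n) {
    ToyOhci s = {0};
    pool_reset();
    for (int i = 0; i < n; i++) leaky_bus_start(&s);
    leaky_bus_stop(&s);
    return live_timers();
}
int leaked_by_allocate_once(int n) {
    ToyOhci s = {0};
    pool_reset();
    if (!once_init(&s)) return -1;
    for (int i = 0; i < n; i++) once_bus_start(&s);
    once_bus_stop(&s);
    toy_timer_free(s.eof_timer);     /* device teardown */
    return live_timers();
}
```

In the model, every start after the first orphans one timer that the single stop can no longer reach, while the allocate-once variant has nothing to orphan however many times the state transition is repeated.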