* [PATCH] ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
@ 2020-04-23 4:54 Xiyu Yang
2020-04-23 7:11 ` Takashi Iwai
0 siblings, 1 reply; 3+ messages in thread
From: Xiyu Yang @ 2020-04-23 4:54 UTC (permalink / raw)
To: Jaroslav Kysela, Takashi Iwai, Xin Tan, Geoffrey D. Bennett,
Greg Kroah-Hartman, Colin Ian King, Thomas Gleixner,
Pierre-Louis Bossart, Xiyu Yang, alsa-devel, linux-kernel
Cc: yuanxzhang, kjlu
snd_microii_spdif_default_get() invokes snd_usb_lock_shutdown(), which
increases the refcount of the snd_usb_audio object "chip".
When snd_microii_spdif_default_get() returns, local variable "chip"
becomes invalid, so the refcount should be decreased to keep refcount
balanced.
The reference counting issue happens in several exception handling paths
of snd_microii_spdif_default_get(). When those error scenarios occur
such as usb_ifnum_to_if() returns NULL, the function forgets to decrease
the refcnt increased by snd_usb_lock_shutdown(), causing a refcnt leak.
Fix this issue by jumping to "end" label when those error scenarios
occur.
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
sound/usb/mixer_quirks.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
index c237e24f08d9..0f072426b84c 100644
--- a/sound/usb/mixer_quirks.c
+++ b/sound/usb/mixer_quirks.c
@@ -1508,11 +1508,15 @@ static int snd_microii_spdif_default_get(struct snd_kcontrol *kcontrol,
/* use known values for that card: interface#1 altsetting#1 */
iface = usb_ifnum_to_if(chip->dev, 1);
- if (!iface || iface->num_altsetting < 2)
- return -EINVAL;
+ if (!iface || iface->num_altsetting < 2) {
+ err = -EINVAL;
+ goto end;
+ }
alts = &iface->altsetting[1];
- if (get_iface_desc(alts)->bNumEndpoints < 1)
- return -EINVAL;
+ if (get_iface_desc(alts)->bNumEndpoints < 1) {
+ err = -EINVAL;
+ goto end;
+ }
ep = get_endpoint(alts, 0)->bEndpointAddress;
err = snd_usb_ctl_msg(chip->dev,
--
2.7.4
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
2020-04-23 4:54 [PATCH] ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif Xiyu Yang
@ 2020-04-23 7:11 ` Takashi Iwai
0 siblings, 0 replies; 3+ messages in thread
From: Takashi Iwai @ 2020-04-23 7:11 UTC (permalink / raw)
To: Xiyu Yang
Cc: Jaroslav Kysela, Takashi Iwai, Xin Tan, Geoffrey D. Bennett,
Greg Kroah-Hartman, Colin Ian King, Thomas Gleixner,
Pierre-Louis Bossart, alsa-devel, linux-kernel, yuanxzhang, kjlu
On Thu, 23 Apr 2020 06:54:19 +0200,
Xiyu Yang wrote:
>
> snd_microii_spdif_default_get() invokes snd_usb_lock_shutdown(), which
> increases the refcount of the snd_usb_audio object "chip".
>
> When snd_microii_spdif_default_get() returns, local variable "chip"
> becomes invalid, so the refcount should be decreased to keep refcount
> balanced.
>
> The reference counting issue happens in several exception handling paths
> of snd_microii_spdif_default_get(). When those error scenarios occur
> such as usb_ifnum_to_if() returns NULL, the function forgets to decrease
> the refcnt increased by snd_usb_lock_shutdown(), causing a refcnt leak.
>
> Fix this issue by jumping to "end" label when those error scenarios
> occur.
>
> Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Applied now (with Cc-to-stable and Fixes tags).
thanks,
Takashi
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
@ 2020-04-23 7:11 ` Takashi Iwai
0 siblings, 0 replies; 3+ messages in thread
From: Takashi Iwai @ 2020-04-23 7:11 UTC (permalink / raw)
To: Xiyu Yang
Cc: Pierre-Louis Bossart, Xin Tan, alsa-devel, Greg Kroah-Hartman,
yuanxzhang, kjlu, Takashi Iwai, Colin Ian King, Thomas Gleixner,
Geoffrey D. Bennett, linux-kernel
On Thu, 23 Apr 2020 06:54:19 +0200,
Xiyu Yang wrote:
>
> snd_microii_spdif_default_get() invokes snd_usb_lock_shutdown(), which
> increases the refcount of the snd_usb_audio object "chip".
>
> When snd_microii_spdif_default_get() returns, local variable "chip"
> becomes invalid, so the refcount should be decreased to keep refcount
> balanced.
>
> The reference counting issue happens in several exception handling paths
> of snd_microii_spdif_default_get(). When those error scenarios occur
> such as usb_ifnum_to_if() returns NULL, the function forgets to decrease
> the refcnt increased by snd_usb_lock_shutdown(), causing a refcnt leak.
>
> Fix this issue by jumping to "end" label when those error scenarios
> occur.
>
> Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Applied now (with Cc-to-stable and Fixes tags).
thanks,
Takashi
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-04-23 7:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-23 4:54 [PATCH] ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif Xiyu Yang
2020-04-23 7:11 ` Takashi Iwai
2020-04-23 7:11 ` Takashi Iwai
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.