* Re: [PATCH] wimax/i2400m: Fix potential urb refcnt leak
@ 2020-04-15 9:12 Markus Elfring
0 siblings, 0 replies; 2+ messages in thread
From: Markus Elfring @ 2020-04-15 9:12 UTC (permalink / raw)
To: Xiyu Yang, Xin Tan, linux-wimax, netdev
Cc: linux-kernel, David S. Miller, Inaky Perez-Gonzalez, Kangjie Lu,
Yuan Zhang
> The issue happens in all paths of i2400mu_bus_bm_wait_for_ack(), which
> forget to decrease the refcnt increased by usb_get_urb(), causing a
> refcnt leak.
How do you think about to mention the term “reference counting” in
the commit message?
Would you like to add the tag “Fixes” to the change description?
Regards,
Markus
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH] wimax/i2400m: Fix potential urb refcnt leak
@ 2020-04-15 8:41 Xiyu Yang
0 siblings, 0 replies; 2+ messages in thread
From: Xiyu Yang @ 2020-04-15 8:41 UTC (permalink / raw)
To: Inaky Perez-Gonzalez, linux-wimax, David S. Miller, netdev, linux-kernel
Cc: yuanxzhang, kjlu, Xiyu Yang, Xin Tan
i2400mu_bus_bm_wait_for_ack() invokes usb_get_urb(), which increases the
refcount of the "notif_urb".
When i2400mu_bus_bm_wait_for_ack() returns, local variable "notif_urb"
becomes invalid, so the refcount should be decreased to keep refcount
balanced.
The issue happens in all paths of i2400mu_bus_bm_wait_for_ack(), which
forget to decrease the refcnt increased by usb_get_urb(), causing a
refcnt leak.
Fix this issue by calling usb_put_urb() before the
i2400mu_bus_bm_wait_for_ack() returns.
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
drivers/net/wimax/i2400m/usb-fw.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wimax/i2400m/usb-fw.c b/drivers/net/wimax/i2400m/usb-fw.c
index 529ebca1e9e1..1f7709d24f35 100644
--- a/drivers/net/wimax/i2400m/usb-fw.c
+++ b/drivers/net/wimax/i2400m/usb-fw.c
@@ -354,6 +354,7 @@ ssize_t i2400mu_bus_bm_wait_for_ack(struct i2400m *i2400m,
usb_autopm_put_interface(i2400mu->usb_iface);
d_fnend(8, dev, "(i2400m %p ack %p size %zu) = %ld\n",
i2400m, ack, ack_size, (long) result);
+ usb_put_urb(¬if_urb);
return result;
error_exceeded:
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-04-15 9:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-15 9:12 [PATCH] wimax/i2400m: Fix potential urb refcnt leak Markus Elfring
-- strict thread matches above, loose matches on Subject: below --
2020-04-15 8:41 Xiyu Yang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.