All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] xhci_register: Fix double free on failure
@ 2023-07-24 19:45 Richard Habeeb
  2023-07-25  2:22 ` Bin Meng
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Richard Habeeb @ 2023-07-24 19:45 UTC (permalink / raw)
  To: U-Boot Mailing List; +Cc: Bin Meng, Marek Vasut, Richard Habeeb

drivers/core/device.c will call `device_free()` after xhci_register
already frees the private device data. This can cause a crash later
during the boot process, observed on aarch64 RPi4b as a synchronous
exception. All callers of xhci_register use priv_auto, so this won't
lead to memory leaks.

Signed-off-by: Richard Habeeb <richard.habeeb@gmail.com>
---

 drivers/usb/host/xhci.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 9e33c5d855..5cacf0769e 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1418,7 +1418,6 @@ int xhci_register(struct udevice *dev, struct
xhci_hccr *hccr,

  return 0;
 err:
- free(ctrl);
  debug("%s: failed, ret=%d\n", __func__, ret);
  return ret;
 }
-- 
2.17.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] xhci_register: Fix double free on failure
  2023-07-24 19:45 [PATCH] xhci_register: Fix double free on failure Richard Habeeb
@ 2023-07-25  2:22 ` Bin Meng
  2023-07-25 14:52 ` Simon Glass
  2023-07-27  2:01 ` Marek Vasut
  2 siblings, 0 replies; 5+ messages in thread
From: Bin Meng @ 2023-07-25  2:22 UTC (permalink / raw)
  To: Richard Habeeb; +Cc: U-Boot Mailing List, Marek Vasut

On Tue, Jul 25, 2023 at 3:45 AM Richard Habeeb <richard.habeeb@gmail.com> wrote:
>
> drivers/core/device.c will call `device_free()` after xhci_register
> already frees the private device data. This can cause a crash later
> during the boot process, observed on aarch64 RPi4b as a synchronous
> exception. All callers of xhci_register use priv_auto, so this won't
> lead to memory leaks.
>
> Signed-off-by: Richard Habeeb <richard.habeeb@gmail.com>
> ---
>
>  drivers/usb/host/xhci.c | 1 -
>  1 file changed, 1 deletion(-)
>

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] xhci_register: Fix double free on failure
  2023-07-24 19:45 [PATCH] xhci_register: Fix double free on failure Richard Habeeb
  2023-07-25  2:22 ` Bin Meng
@ 2023-07-25 14:52 ` Simon Glass
  2023-07-27  2:01 ` Marek Vasut
  2 siblings, 0 replies; 5+ messages in thread
From: Simon Glass @ 2023-07-25 14:52 UTC (permalink / raw)
  To: richard.habeeb; +Cc: U-Boot Mailing List, Bin Meng, Marek Vasut

On Mon, 24 Jul 2023 at 13:45, Richard Habeeb <richard.habeeb@gmail.com> wrote:
>
> drivers/core/device.c will call `device_free()` after xhci_register
> already frees the private device data. This can cause a crash later
> during the boot process, observed on aarch64 RPi4b as a synchronous
> exception. All callers of xhci_register use priv_auto, so this won't
> lead to memory leaks.
>
> Signed-off-by: Richard Habeeb <richard.habeeb@gmail.com>
> ---
>
>  drivers/usb/host/xhci.c | 1 -
>  1 file changed, 1 deletion(-)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] xhci_register: Fix double free on failure
  2023-07-24 19:45 [PATCH] xhci_register: Fix double free on failure Richard Habeeb
  2023-07-25  2:22 ` Bin Meng
  2023-07-25 14:52 ` Simon Glass
@ 2023-07-27  2:01 ` Marek Vasut
  2023-07-27  3:32   ` Richard Habeeb
  2 siblings, 1 reply; 5+ messages in thread
From: Marek Vasut @ 2023-07-27  2:01 UTC (permalink / raw)
  To: Richard Habeeb, U-Boot Mailing List; +Cc: Bin Meng

On 7/24/23 21:45, Richard Habeeb wrote:
> drivers/core/device.c will call `device_free()` after xhci_register
> already frees the private device data. This can cause a crash later
> during the boot process, observed on aarch64 RPi4b as a synchronous
> exception. All callers of xhci_register use priv_auto, so this won't
> lead to memory leaks.
> 
> Signed-off-by: Richard Habeeb <richard.habeeb@gmail.com>
> ---
> 
>   drivers/usb/host/xhci.c | 1 -
>   1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
> index 9e33c5d855..5cacf0769e 100644
> --- a/drivers/usb/host/xhci.c
> +++ b/drivers/usb/host/xhci.c
> @@ -1418,7 +1418,6 @@ int xhci_register(struct udevice *dev, struct
> xhci_hccr *hccr,
> 
>    return 0;
>   err:
> - free(ctrl);
>    debug("%s: failed, ret=%d\n", __func__, ret);
>    return ret;
>   }

The patch is corrupted (tabs in original source replaced by spaces).

Subject: tags should be 'usb: xhci:' .

Please make sure to use git send-email and look at previous commits for 
subject tags next time .

Both fixed and applied to usb/master , thanks.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] xhci_register: Fix double free on failure
  2023-07-27  2:01 ` Marek Vasut
@ 2023-07-27  3:32   ` Richard Habeeb
  0 siblings, 0 replies; 5+ messages in thread
From: Richard Habeeb @ 2023-07-27  3:32 UTC (permalink / raw)
  To: Marek Vasut; +Cc: U-Boot Mailing List, Bin Meng

Thanks, my apologies.

On Wed, Jul 26, 2023 at 10:01 PM Marek Vasut <marex@denx.de> wrote:

> On 7/24/23 21:45, Richard Habeeb wrote:
> > drivers/core/device.c will call `device_free()` after xhci_register
> > already frees the private device data. This can cause a crash later
> > during the boot process, observed on aarch64 RPi4b as a synchronous
> > exception. All callers of xhci_register use priv_auto, so this won't
> > lead to memory leaks.
> >
> > Signed-off-by: Richard Habeeb <richard.habeeb@gmail.com>
> > ---
> >
> >   drivers/usb/host/xhci.c | 1 -
> >   1 file changed, 1 deletion(-)
> >
> > diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
> > index 9e33c5d855..5cacf0769e 100644
> > --- a/drivers/usb/host/xhci.c
> > +++ b/drivers/usb/host/xhci.c
> > @@ -1418,7 +1418,6 @@ int xhci_register(struct udevice *dev, struct
> > xhci_hccr *hccr,
> >
> >    return 0;
> >   err:
> > - free(ctrl);
> >    debug("%s: failed, ret=%d\n", __func__, ret);
> >    return ret;
> >   }
>
> The patch is corrupted (tabs in original source replaced by spaces).
>
> Subject: tags should be 'usb: xhci:' .
>
> Please make sure to use git send-email and look at previous commits for
> subject tags next time .
>
> Both fixed and applied to usb/master , thanks.
>

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-07-27  3:32 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-24 19:45 [PATCH] xhci_register: Fix double free on failure Richard Habeeb
2023-07-25  2:22 ` Bin Meng
2023-07-25 14:52 ` Simon Glass
2023-07-27  2:01 ` Marek Vasut
2023-07-27  3:32   ` Richard Habeeb

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.