projects
/
GitHub
/
moto-9609
/
android_kernel_motorola_exynos9610.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
576d554
)
xhci: fix memleak in xhci_run()
author
Shu Wang
<shuwang@redhat.com>
Thu, 20 Jul 2017 11:48:31 +0000
(14:48 +0300)
committer
Greg Kroah-Hartman
<gregkh@linuxfoundation.org>
Thu, 20 Jul 2017 12:40:36 +0000
(14:40 +0200)
Found this issue by kmemleak.
xhci_run() did not check return val and free command for
xhci_queue_vendor_command()
unreferenced object 0xffff88011c0be500 (size 64):
comm "kworker/0:1", pid 58, jiffies
4294670908
(age 50.420s)
hex dump (first 32 bytes):
backtrace:
[<
ffffffff8176166a
>] kmemleak_alloc+0x4a/0xa0
[<
ffffffff8121801a
>] kmem_cache_alloc_trace+0xca/0x1d0
[<
ffffffff81576bf4
>] xhci_alloc_command+0x44/0x130
[<
ffffffff8156f1cc
>] xhci_run+0x4cc/0x630
[<
ffffffff8153b84b
>] usb_add_hcd+0x3bb/0x950
[<
ffffffff8154eac8
>] usb_hcd_pci_probe+0x188/0x500
[<
ffffffff815851ac
>] xhci_pci_probe+0x2c/0x220
[<
ffffffff813d2ca5
>] local_pci_probe+0x45/0xa0
[<
ffffffff810a54e4
>] work_for_cpu_fn+0x14/0x20
[<
ffffffff810a8409
>] process_one_work+0x149/0x360
[<
ffffffff810a8d08
>] worker_thread+0x1d8/0x3c0
[<
ffffffff810ae7d9
>] kthread+0x109/0x140
[<
ffffffff8176d585
>] ret_from_fork+0x25/0x30
[<
ffffffffffffffff
>] 0xffffffffffffffff
Cc: <stable@vger.kernel.org>
Signed-off-by: Shu Wang <shuwang@redhat.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/host/xhci.c
patch
|
blob
|
blame
|
history
diff --git
a/drivers/usb/host/xhci.c
b/drivers/usb/host/xhci.c
index 51326425f9cc799c2d81d910e9d1a7575b4a8bbb..b2ff1ff1a02faff066374cafdf9fa5b531db5b81 100644
(file)
--- a/
drivers/usb/host/xhci.c
+++ b/
drivers/usb/host/xhci.c
@@
-625,8
+625,10
@@
int xhci_run(struct usb_hcd *hcd)
if (!command)
return -ENOMEM;
- xhci_queue_vendor_command(xhci, command, 0, 0, 0,
+
ret =
xhci_queue_vendor_command(xhci, command, 0, 0, 0,
TRB_TYPE(TRB_NEC_GET_FW));
+ if (ret)
+ xhci_free_command(xhci, command);
}
xhci_dbg_trace(xhci, trace_xhci_dbg_init,
"Finished xhci_run for USB2 roothub");