summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorArvid Brodin <arvid.brodin@enea.com>2011-11-23 18:13:02 +0100
committerGreg Kroah-Hartman <gregkh@suse.de>2011-11-27 05:02:47 +0100
commitc64391f264b7658c00515173cca58f5b054af1a2 (patch)
tree67a403acfca8903a10bd45b86fe22488de476472 /lib
parentusb/isp1760: Simpler queue head list code. (diff)
downloadlinux-c64391f264b7658c00515173cca58f5b054af1a2.tar.xz
linux-c64391f264b7658c00515173cca58f5b054af1a2.zip
usb/isp1760: Fix race condition memory leak
This fixes a memory leak reported by Catalin Marinas: schedule_ptds() is called from isp1760_irq() and removes the qh from the controlqhs queue but ep->hcpriv still points to the qh and therefore it is not freed. Shortly after this, the isp1760_endpoint_disable() function sets ep->hcpriv to NULL and calls schedule_ptds() but since the corresponding qh is no longer in the queue, it is simply forgotten and reported by kmemleak. With this patch, the qh is always freed at endpoint_disable, instead, and the corresponding entry removed from the queue head list. While I was at it, I also replaced the lines in isp1760_endpoint_disable() that removed remaining qtds from the qh with a WARN_ON check for non-empty qh, in line with earlier comments from Alan Stern (linux-usb list, 2011-07-20). Signed-off-by: Arvid Brodin <arvid.brodin@enea.com> Tested-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'lib')
0 files changed, 0 insertions, 0 deletions