Re: [PATCH] ath9k_htc: Fix skb leaks

From: Larry Finger
Date: Tue Jan 01 2013 - 23:57:14 EST

On 01/01/2013 10:30 PM, Sujith Manoharan wrote:
Larry Finger wrote:
diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
index 4a9570d..a304748 100644
--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
+++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
@@ -278,10 +278,12 @@ int htc_connect_service(struct htc_target *target,
if (!time_left) {
dev_err(target->dev, "Service connection timeout for: %d\n",
- return -ETIMEDOUT;
+ ret = -ETIMEDOUT;
+ goto err;

*conn_rsp_epid = target->conn_rsp_epid;
+ kfree_skb(skb);
return 0;
The allocated skb should be freed in the TX completion hander,
ath9k_htc_txcompletion_cb() - doing it in htc_connect_service() is wrong, I think.

My only counter argument is that none of the other paths that get to ath9k_htc_txcompletion_cb() leak the skb. It only happens for the path that goes through htc_connect_service().


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at