Re: [PATCH] can: ems_usb: fix a leak in ems_usb_start_xmit()
From: Oliver Hartkopp
Date: Fri Dec 06 2013 - 17:28:19 EST
Alexey Khoroshilov <khoroshilov@xxxxxxxxx> schrieb:
>There is spare code with obvious misprint in ems_usb_start_xmit():
>usb_free_urb() should be used to deallocate urb instead of
>usb_unanchor_urb().
>
>Found by Linux Driver Verification project (linuxtesting.org).
>
>Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>
>---
> drivers/net/can/usb/ems_usb.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/net/can/usb/ems_usb.c
>b/drivers/net/can/usb/ems_usb.c
>index 5f9a7ad9b964..beae1ec255f4 100644
>--- a/drivers/net/can/usb/ems_usb.c
>+++ b/drivers/net/can/usb/ems_usb.c
>@@ -798,7 +798,7 @@ static netdev_tx_t ems_usb_start_xmit(struct
>sk_buff *skb, struct net_device *ne
> * allowed (MAX_TX_URBS).
> */
> if (!context) {
>- usb_unanchor_urb(urb);
>+ usb_free_urb(urb);
> usb_free_coherent(dev->udev, size, buf, urb->transfer_dma);
>
looks like you are introducing a new use after free problem here ...
> netdev_warn(netdev, "couldn't find free context\n");
--
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/