Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1534606ybz;
        Thu, 23 Apr 2020 00:13:11 -0700 (PDT)
X-Google-Smtp-Source: APiQypIEwaaxPfYHuaFLLJYUx63L7qd3OiXgpQCEa/mnmeIDfmPmkqDCyQp57CGbWPpIXn/fE6LT
X-Received: by 2002:a17:906:32d8:: with SMTP id k24mr1615675ejk.2.1587625991633;
        Thu, 23 Apr 2020 00:13:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1587625991; cv=none;
        d=google.com; s=arc-20160816;
        b=Ysj6vl+FToO6xwJqjDTXKntrv3qcRmI1QHDZH1P5JVJP4QPONT3S2owIInJdmd2vna
         M7/QKj622uKMGc6Raa73CWS1AxKVd4Z1bcACUZd5rL8pxcWz2TIbCuhRflgLZFL51I78
         bihVzz+i9FH4YAVMNxcKotduzew65zeTslyO5MYlBneVrHhWN0l5Cmc2sSCzR8a2xlfI
         SVA1JhqjD86+ktKJ6u6Fyinj43/x+4F7E4ATwQvMyaADMM2hzn1ZUWr1jkAzVSgCBPqc
         3NN0FOGUNeTSM2z1P5eN4UphxgsIxFqL8y/E+ETvPcB+R9L2trei+8zfTA4xW++1jFCX
         ARlg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:subject:cc:to:from:message-id:date;
        bh=xgeJ2bXjAU2XJEPGHYf2r7xx8s/HjwOzWyB2H7utC7M=;
        b=lA6rvgnubXlEFjRnXQHMUdqz474PhoUrUfSDjye4YH8VWYo16EKiLYSqW35/0KyUZL
         M7PFBwi0a+fDlZZJ6jNkBBcFsLXbCRDAkoKxXfP2fZ+x/4gsn6UnOWh36Ziy1ZWXYGfB
         0WZ00gDGHcrBL9GIfBsRTwHIETnKGqZ94UdNEsgWjvA6Z2kD9wpFUNT0lJ9VStfWGpZ+
         bfXcQoNxJM/AZXtpJiD7PxMpOZAZUdKHJmDdb443mmxEwAuFcyxK+bpbAHFPshreLuWk
         TVaBmx5Xdeb40cdsjdvgv+LWHUixjrmzOpu1N0lcUHYPTlFez7UVGGw8Ugd+usz5BpyC
         uY7A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id y18si529609edr.442.2020.04.23.00.12.48;
        Thu, 23 Apr 2020 00:13:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726650AbgDWHLN (ORCPT <rfc822;linux.htchiang@gmail.com>
        + 99 others); Thu, 23 Apr 2020 03:11:13 -0400
Received: from mx2.suse.de ([195.135.220.15]:44850 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725562AbgDWHLN (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 23 Apr 2020 03:11:13 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id 7FC0EAE39;
        Thu, 23 Apr 2020 07:11:11 +0000 (UTC)
Date:   Thu, 23 Apr 2020 09:11:10 +0200
Message-ID: <s5h1roey8vl.wl-tiwai@suse.de>
From:   Takashi Iwai <tiwai@suse.de>
To:     Xiyu Yang <xiyuyang19@fudan.edu.cn>
Cc:     Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
        Xin Tan <tanxin.ctf@gmail.com>,
        "Geoffrey D. Bennett" <g@b4.vu>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Colin Ian King <colin.king@canonical.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>,
        alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org,
        yuanxzhang@fudan.edu.cn, kjlu@umn.edu
Subject: Re: [PATCH] ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
In-Reply-To: <1587617711-13200-1-git-send-email-xiyuyang19@fudan.edu.cn>
References: <1587617711-13200-1-git-send-email-xiyuyang19@fudan.edu.cn>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3
 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 23 Apr 2020 06:54:19 +0200,
Xiyu Yang wrote:
> 
> snd_microii_spdif_default_get() invokes snd_usb_lock_shutdown(), which
> increases the refcount of the snd_usb_audio object "chip".
> 
> When snd_microii_spdif_default_get() returns, local variable "chip"
> becomes invalid, so the refcount should be decreased to keep refcount
> balanced.
> 
> The reference counting issue happens in several exception handling paths
> of snd_microii_spdif_default_get(). When those error scenarios occur
> such as usb_ifnum_to_if() returns NULL, the function forgets to decrease
> the refcnt increased by snd_usb_lock_shutdown(), causing a refcnt leak.
> 
> Fix this issue by jumping to "end" label when those error scenarios
> occur.
> 
> Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>

Applied now (with Cc-to-stable and Fixes tags).


thanks,

Takashi