Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp1569427iof; Tue, 7 Jun 2022 07:57:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxjwy7LhUf3BycZOsXUhy/YJOmw+c1hycpO+F+Tt8L+5UiHiH2CaK8yjLxjSp49eJtsTf96 X-Received: by 2002:a05:6a00:10d3:b0:4fe:5d:75c8 with SMTP id d19-20020a056a0010d300b004fe005d75c8mr29717860pfu.6.1654613847824; Tue, 07 Jun 2022 07:57:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654613847; cv=none; d=google.com; s=arc-20160816; b=y42jg8k2qmnGit2TzpNhf1v0AsmYHeRhGP20DUSkzI+SEOAtif6xou/tfS8kvr76aE p+QOLzbVuAFAZhr7d+q/XaRU1q4vTPlSBnYBwCRI5X8Dl35Qa37Fgaehz/UuamhDuFM0 h3OCpe2PzGCIWBUFa2nR6Q86tEtd7OH2zNPBav6nNyGblIR97uniaSjCkod9mPLNyAts DCKILhGPV8udqi2jCSbcxRHafvMfGGbJBMwPfa4GgtgL51dNdGmHQBW9QmR3QjF+V8Od eBgPSNEkMKy3MdHaukh016y44VcRlepdpQ08CML3w7MDXyLgEGAGdumOUxTqNzo/OXJt dECQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:to:from; bh=miYIEMpyspROjLSO9uy7DWZTBAjsjYNY6WgBISqdYEQ=; b=0G/m17Yk+L7RmRB6cdu+eYMLwzIsN6zTaUH78cf5QoO3rX28vlp1VZnjS0lkMbgwXS J1h9mw7L0QXhLUs4Q+wp04LSQn8Cj1Nuq/KUK9oAIZSLUfNJ5nXQV9aD7vwqS5L6ih0B m1jSSQOQzbnhGISLGWCski64yGFXJFssrSusqoK58wDd99n8Te9yhTCIVHN5ll+gBUuo GI9xhnpPUtbSgcvg8Fx+VNgVQ4aHKft+OxWVqJvMmWQ77LZELusnZWFkMuQWXH7jpb0N 81Yxf4tnrx3YFyaOgvt5ItOLZ/1PVW4xLSyGKEe0Kc9fP+Y9bc9SM4jPD5WRZWjYGQWw lPlw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ruc.edu.cn Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y8-20020a17090322c800b0016777c63534si9663112plg.129.2022.06.07.07.57.09; Tue, 07 Jun 2022 07:57:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ruc.edu.cn Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238306AbiFGIip (ORCPT + 99 others); Tue, 7 Jun 2022 04:38:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35722 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231558AbiFGIio (ORCPT ); Tue, 7 Jun 2022 04:38:44 -0400 X-Greylist: delayed 364 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 07 Jun 2022 01:38:39 PDT Received: from smtp.ruc.edu.cn (m177126.mail.qiye.163.com [123.58.177.126]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BCA222409A; Tue, 7 Jun 2022 01:38:39 -0700 (PDT) Received: from localhost.localdomain (unknown [202.112.113.212]) by smtp.ruc.edu.cn (Hmail) with ESMTPSA id 50BEE8009C; Tue, 7 Jun 2022 16:32:33 +0800 (CST) From: Xiaohui Zhang To: Xiaohui Zhang , Krzysztof Kozlowski , "David S . Miller" , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/1] nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Date: Tue, 7 Jun 2022 16:32:30 +0800 Message-Id: <20220607083230.6182-1-xiaohuizhang@ruc.edu.cn> X-Mailer: git-send-email 2.17.1 X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgPGg8OCBgUHx5ZQUlOS1dZCBgUCR5ZQVlLVUtZV1 kWDxoPAgseWUFZKDYvK1lXWShZQUhPN1dZLVlBSVdZDwkaFQgSH1lBWRlOShhWTEpOGUpKS00eQk IfVRMBExYaEhckFA4PWVdZFhoPEhUdFFlBWU9LSFVKSktISkNVS1kG X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6MBg6CDo*FT01PRBPPhALVlFK Tw4wCU9VSlVKTU5PTkJLTE5IQ0NJVTMWGhIXVQMSGhQTDhIBExoVHDsJDhhVHh8OVRgVRVlXWRIL WUFZSUtJVUpKSVVKSkhVSUpJWVdZCAFZQUlIQk03Bg++ X-HM-Tid: 0a813d4b4aea2c20kusn50bee8009c X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in play_deferred"), we thought a patch might be needed here as well. Currently usb_submit_urb is called directly to submit deferred tx urbs after unanchor them. So the usb_giveback_urb_bh would failed to unref it in usb_unanchor_urb and cause memory leak. Put those urbs in tx_anchor to avoid the leak, and also fix the error handling. Signed-off-by: Xiaohui Zhang --- drivers/nfc/nfcmrvl/usb.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/nfc/nfcmrvl/usb.c b/drivers/nfc/nfcmrvl/usb.c index a99aedff795d..ea7309453096 100644 --- a/drivers/nfc/nfcmrvl/usb.c +++ b/drivers/nfc/nfcmrvl/usb.c @@ -388,13 +388,25 @@ static void nfcmrvl_play_deferred(struct nfcmrvl_usb_drv_data *drv_data) int err; while ((urb = usb_get_from_anchor(&drv_data->deferred))) { + usb_anchor_urb(urb, &drv_data->tx_anchor); + err = usb_submit_urb(urb, GFP_ATOMIC); - if (err) + if (err) { + kfree(urb->setup_packet); + usb_unanchor_urb(urb); + usb_free_urb(urb); break; + } drv_data->tx_in_flight++; + usb_free_urb(urb); + } + + /* Cleanup the rest deferred urbs. */ + while ((urb = usb_get_from_anchor(&drv_data->deferred))) { + kfree(urb->setup_packet); + usb_free_urb(urb); } - usb_scuttle_anchored_urbs(&drv_data->deferred); } static int nfcmrvl_resume(struct usb_interface *intf) -- 2.17.1