Re: [PATCH] ath9k_htc: Fix skb leaks
Larry Finger wrote: > > I'll come up with a patch and see if kmemleak still complains. > > Did I miss your posting on this issue? Nope, I haven't got to this yet, sorry. I'll try to send a patch by today. Sujith -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] ath9k_htc: Fix skb leaks
On 01/01/2013 11:26 PM, Sujith Manoharan wrote: Larry Finger wrote: My only counter argument is that none of the other paths that get to ath9k_htc_txcompletion_cb() leak the skb. It only happens for the path that goes through htc_connect_service(). Sure, but the TX completion handler would be invoked for every skb that is passed to the USB layer, including the ones that are allocated in htc_hst.c. When this skb goes down to hif_usb.c, a URB is allocated and I am not sure how freeing the skb before the USB layer invokes the completion handler for the URB is correct. I'll come up with a patch and see if kmemleak still complains. Did I miss your posting on this issue? Larry -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] ath9k_htc: Fix skb leaks
Larry Finger wrote: > My only counter argument is that none of the other paths that get to > ath9k_htc_txcompletion_cb() leak the skb. It only happens for the path that > goes > through htc_connect_service(). Sure, but the TX completion handler would be invoked for every skb that is passed to the USB layer, including the ones that are allocated in htc_hst.c. When this skb goes down to hif_usb.c, a URB is allocated and I am not sure how freeing the skb before the USB layer invokes the completion handler for the URB is correct. I'll come up with a patch and see if kmemleak still complains. Sujith -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] ath9k_htc: Fix skb leaks
On 01/01/2013 10:30 PM, Sujith Manoharan wrote: Larry Finger wrote: diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c index 4a9570d..a304748 100644 --- a/drivers/net/wireless/ath/ath9k/htc_hst.c +++ b/drivers/net/wireless/ath/ath9k/htc_hst.c @@ -278,10 +278,12 @@ int htc_connect_service(struct htc_target *target, if (!time_left) { dev_err(target->dev, "Service connection timeout for: %d\n", service_connreq->service_id); - return -ETIMEDOUT; + ret = -ETIMEDOUT; + goto err; } *conn_rsp_epid = target->conn_rsp_epid; + kfree_skb(skb); return 0; err: kfree_skb(skb); ath9k_htc_txcompletion_cb() The allocated skb should be freed in the TX completion hander, ath9k_htc_txcompletion_cb() - doing it in htc_connect_service() is wrong, I think. My only counter argument is that none of the other paths that get to ath9k_htc_txcompletion_cb() leak the skb. It only happens for the path that goes through htc_connect_service(). Larry -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] ath9k_htc: Fix skb leaks
Larry Finger wrote: > diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c > b/drivers/net/wireless/ath/ath9k/htc_hst.c > index 4a9570d..a304748 100644 > --- a/drivers/net/wireless/ath/ath9k/htc_hst.c > +++ b/drivers/net/wireless/ath/ath9k/htc_hst.c > @@ -278,10 +278,12 @@ int htc_connect_service(struct htc_target *target, > if (!time_left) { > dev_err(target->dev, "Service connection timeout for: %d\n", > service_connreq->service_id); > - return -ETIMEDOUT; > + ret = -ETIMEDOUT; > + goto err; > } > > *conn_rsp_epid = target->conn_rsp_epid; > + kfree_skb(skb); > return 0; > err: > kfree_skb(skb); The allocated skb should be freed in the TX completion hander, ath9k_htc_txcompletion_cb() - doing it in htc_connect_service() is wrong, I think. Sujith -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/