Re: [PATCH] xhci: Fix memory leak in xhci_add_in_port()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 13.11.2019 19.32, Mika Westerberg wrote:

When xHCI is part of Alpine or Titan Ridge Thunderbolt controller and
the xHCI device is hot-removed as a result of unplugging a dock for
example, the driver leaks memory it allocates for xhci->usb3_rhub.psi
and xhci->usb2_rhub.psi in xhci_add_in_port() as reported by kmemleak:

unreferenced object 0xffff922c24ef42f0 (size 16):
   comm "kworker/u16:2", pid 178, jiffies 4294711640 (age 956.620s)
   hex dump (first 16 bytes):
     21 00 0c 00 12 00 dc 05 23 00 e0 01 00 00 00 00  !.......#.......
   backtrace:
     [<000000007ac80914>] xhci_mem_init+0xcf8/0xeb7
     [<0000000001b6d775>] xhci_init+0x7c/0x160
     [<00000000db443fe3>] xhci_gen_setup+0x214/0x340
     [<00000000fdffd320>] xhci_pci_setup+0x48/0x110
     [<00000000541e1e03>] usb_add_hcd.cold+0x265/0x747
     [<00000000ca47a56b>] usb_hcd_pci_probe+0x219/0x3b4
     [<0000000021043861>] xhci_pci_probe+0x24/0x1c0
     [<00000000b9231f25>] local_pci_probe+0x3d/0x70
     [<000000006385c9d7>] pci_device_probe+0xd0/0x150
     [<0000000070241068>] really_probe+0xf5/0x3c0
     [<0000000061f35c0a>] driver_probe_device+0x58/0x100
     [<000000009da11198>] bus_for_each_drv+0x79/0xc0
     [<000000009ce45f69>] __device_attach+0xda/0x160
     [<00000000df201aaf>] pci_bus_add_device+0x46/0x70
     [<0000000088a1bc48>] pci_bus_add_devices+0x27/0x60
     [<00000000ad9ee708>] pci_bus_add_devices+0x52/0x60
unreferenced object 0xffff922c24ef3318 (size 8):
   comm "kworker/u16:2", pid 178, jiffies 4294711640 (age 956.620s)
   hex dump (first 8 bytes):
     34 01 05 00 35 41 0a 00                          4...5A..
   backtrace:
     [<000000007ac80914>] xhci_mem_init+0xcf8/0xeb7
     [<0000000001b6d775>] xhci_init+0x7c/0x160
     [<00000000db443fe3>] xhci_gen_setup+0x214/0x340
     [<00000000fdffd320>] xhci_pci_setup+0x48/0x110
     [<00000000541e1e03>] usb_add_hcd.cold+0x265/0x747
     [<00000000ca47a56b>] usb_hcd_pci_probe+0x219/0x3b4
     [<0000000021043861>] xhci_pci_probe+0x24/0x1c0
     [<00000000b9231f25>] local_pci_probe+0x3d/0x70
     [<000000006385c9d7>] pci_device_probe+0xd0/0x150
     [<0000000070241068>] really_probe+0xf5/0x3c0
     [<0000000061f35c0a>] driver_probe_device+0x58/0x100
     [<000000009da11198>] bus_for_each_drv+0x79/0xc0
     [<000000009ce45f69>] __device_attach+0xda/0x160
     [<00000000df201aaf>] pci_bus_add_device+0x46/0x70
     [<0000000088a1bc48>] pci_bus_add_devices+0x27/0x60
     [<00000000ad9ee708>] pci_bus_add_devices+0x52/0x60

Fix this by calling kfree() for the both psi objects in
xhci_mem_cleanup().

Signed-off-by: Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx>
---
I'm not 100% sure the kfree()s below are in correct place so please double
check :)



Thanks, looks good
Nice catch

Adding to queue with stable and fixes tags

-Mathias
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux