[staging:staging-next 115/274] drivers/staging/ced1401/usb1401.c:1065 Handle1401Esc() error: double unlock 'spin_lock:&pdx->stagedLock'
Alois Schloegl
alois.schloegl at ist.ac.at
Mon Oct 22 10:42:49 UTC 2012
Hi,
Please include (Greg Smith <greg at ced.co.uk>) into any communication.
Greg Smith from CED noticed that there is no kfree, causing a memory
leak, and memset() has been removed, thus tx->used was not cleared.
The patch below should fix this.
Alois
diff --git a/ced_ioc.c b/ced_ioc.c
index 4a13c10..fe15c44 100644
--- a/ced_ioc.c
+++ b/ced_ioc.c
@@ -895,15 +895,23 @@ int GetTransfer(DEVICE_EXTENSION *pdx,
TGET_TX_BLOCK __user *pTX)
else
{
// Return the best information we have - we don't have
physical addresses
- TGET_TX_BLOCK tx;
- memset(&tx, 0, sizeof(tx)); // clean out local work
structure
- tx.size = pdx->rTransDef[dwIdent].dwLength;
- tx.linear = (long long)((long)pdx->rTransDef[dwIdent].lpvBuff);
- tx.avail = GET_TX_MAXENTRIES; // how many blocks we could
return
- tx.used = 1; // number we actually return
- tx.entries[0].physical = (long long)(tx.linear+pdx->StagedOffset);
- tx.entries[0].size = tx.size;
- copy_to_user(pTX, &tx, sizeof(tx));
+ TGET_TX_BLOCK *tx;
+ tx = kzalloc(sizeof(*tx), GFP_KERNEL);
+ if (!tx) {
+ mutex_unlock(&pdx->io_mutex);
+ return -ENOMEM;
+ }
+
+ memset(tx, 0, sizeof(*tx)); // clean out local work
structure
+ tx->size = pdx->rTransDef[dwIdent].dwLength;
+ tx->linear = (long long)((long)pdx->rTransDef[dwIdent].lpvBuff);
+ tx->avail = GET_TX_MAXENTRIES; // how many blocks we
could return
+ tx->used = 1; // number we actually return
+ tx->entries[0].physical = (long
long)(tx->linear+pdx->StagedOffset);
+ tx->entries[0].size = tx->size;
+ iReturn = copy_to_user(pTX, tx, sizeof(*tx));
+ kfree(tx);
+ return (iReturn);
}
mutex_unlock(&pdx->io_mutex);
return iReturn;
On 10/07/2012 02:56 PM, devendra.aaru wrote:
> Hi, Fengguang,
>
> On Sun, Oct 7, 2012 at 7:07 AM, Fengguang Wu<fengguang.wu at intel.com> wrote:
>> Hi Alois,
>>
>> FYI, there are new smatch warnings show up in
>>
>> tree: git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git staging-next
>> head: e1878957b4676a17cf398f7f5723b365e9a2ca48
>> commit: 2eae6bdc12f4e49b7f94f032b82d664dcf3881bc [115/274] Staging: add ced1401 USB driver
>>
>>
>> + drivers/staging/ced1401/ced_ioc.c:898 GetTransfer() warn: 'tx' puts 3104 bytes on stack
>
> I have a following patch to send to Greg, when the merge window closes:
>
>
> From 7d9b8485ab837bf9e0f960d090f90c6518f7e2db Mon Sep 17 00:00:00 2001
> From: Devendra Naga<devendra.aaru at gmail.com>
> Date: Sat, 6 Oct 2012 02:57:42 -0400
> Subject: [PATCH 1/4] staging: ced1401: fix a frame size warning
>
> gcc/sparse complain about the following:
>
> drivers/staging/ced1401/ced_ioc.c:931:1: warning: the frame size of
> 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=]
>
> fix it by using a pointer of the TGET_TX_BLOCK struct
>
> Signed-off-by: Devendra Naga<devendra.aaru at gmail.com>
> ---
> drivers/staging/ced1401/ced_ioc.c | 28 +++++++++++++++++-----------
> 1 file changed, 17 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/staging/ced1401/ced_ioc.c
> b/drivers/staging/ced1401/ced_ioc.c
> index c9492ed..a136ca3 100644
> --- a/drivers/staging/ced1401/ced_ioc.c
> +++ b/drivers/staging/ced1401/ced_ioc.c
> @@ -913,17 +913,23 @@ int GetTransfer(DEVICE_EXTENSION * pdx,
> TGET_TX_BLOCK __user * pTX)
> iReturn = U14ERR_BADAREA;
> else {
> // Return the best information we have - we don't have
> physical addresses
> - TGET_TX_BLOCK tx;
> - memset(&tx, 0, sizeof(tx)); // clean out local
> work structure
> - tx.size = pdx->rTransDef[dwIdent].dwLength;
> - tx.linear = (long long)((long)pdx->rTransDef[dwIdent].lpvBuff);
> - tx.avail = GET_TX_MAXENTRIES; // how many blocks we
> could return
> - tx.used = 1; // number we actually return
> - tx.entries[0].physical =
> - (long long)(tx.linear + pdx->StagedOffset);
> - tx.entries[0].size = tx.size;
> -
> - if (copy_to_user(pTX,&tx, sizeof(tx)))
> + TGET_TX_BLOCK *tx;
> +
> + tx = kzalloc(sizeof(*tx), GFP_KERNEL);
> + if (!tx) {
> + mutex_unlock(&pdx->io_mutex);
> + return -ENOMEM;
>
> + }
> +
> + tx->size = pdx->rTransDef[dwIdent].dwLength;
> + tx->linear = (long long)((long)pdx->rTransDef[dwIdent].lpvBuff);
> + tx->avail = GET_TX_MAXENTRIES; // how many blocks we
> could return
> + tx->used = 1; // number we actually return
> + tx->entries[0].physical =
> + (long long)(tx->linear + pdx->StagedOffset);
> + tx->entries[0].size = tx->size;
> +
> + if (copy_to_user(pTX, tx, sizeof(*tx)))
> iReturn = -EFAULT;
> }
> mutex_unlock(&pdx->io_mutex);
>
>> 0-DAY kernel build testing backend Open Source Technology Center
>> Fengguang Wu, Yuanhan Liu Intel Corporation
>>
>> _______________________________________________
>> devel mailing list
>> devel at linuxdriverproject.org
>> http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
>>
>
> Thanks,
More information about the devel
mailing list