[v3,01/11] Revert "NFC: st95hf: drop illegal kfree_skb()"

Message ID	20180724095941.25777-2-daniel@zonque.org (mailing list archive)
State	Deferred
Delegated to:	Samuel Ortiz
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: Daniel Mack <daniel@zonque.org> To: sameo@linux.intel.com Cc: linux-wireless@vger.kernel.org, colin.king@canonical.com, shikha.singh@st.com, Daniel Mack <daniel@zonque.org> Subject: [PATCH v3 01/11] Revert "NFC: st95hf: drop illegal kfree_skb()" Date: Tue, 24 Jul 2018 11:59:31 +0200 Message-Id: <20180724095941.25777-2-daniel@zonque.org> In-Reply-To: <20180724095941.25777-1-daniel@zonque.org> References: <20180724095941.25777-1-daniel@zonque.org> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk
Series	NFC: A bunch of cleanups for st95hf \| expand [v3,00/11] NFC: A bunch of cleanups for st95hf [v3,01/11] Revert "NFC: st95hf: drop illegal kfree_skb()" [v3,02/11] NFC: st95hf: drop nfcdev_free [v3,03/11] NFC: st95hf: drop illegal kfree_skb() in IRQ handler [v3,04/11] NFC: st95hf: remove logging from spi functions [v3,05/11] NFC: st95hf: remove exchange_lock [v3,06/11] NFC: st95hf: move skb allocation to ISR [v3,07/11] NFC: st95hf: ignore spurious interrupts [v3,08/11] NFC: st95hf: re-order command defines [v3,09/11] NFC: st95hf: unify sync/async flags [v3,10/11] NFC: st95hf: two small style nits [v3,11/11] NFC: st95hf: add of match table

Message ID

20180724095941.25777-2-daniel@zonque.org (mailing list archive)

State

Deferred

Delegated to:

Samuel Ortiz

Headers

From: Daniel Mack <daniel@zonque.org>
To: sameo@linux.intel.com
Cc: linux-wireless@vger.kernel.org, colin.king@canonical.com,
        shikha.singh@st.com, Daniel Mack <daniel@zonque.org>
Subject: [PATCH v3 01/11] Revert "NFC: st95hf: drop illegal kfree_skb()"
Date: Tue, 24 Jul 2018 11:59:31 +0200
Message-Id: <20180724095941.25777-2-daniel@zonque.org>
In-Reply-To: <20180724095941.25777-1-daniel@zonque.org>
References: <20180724095941.25777-1-daniel@zonque.org>
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk

Series

NFC: A bunch of cleanups for st95hf | expand

Commit Message

Daniel Mack July 24, 2018, 9:59 a.m. UTC

This reverts commit c99f996b2ba49 ("NFC: st95hf: drop illegal
kfree_skb()").

It turns out that the st95hf_in_send_cmd() is in fact the sole owner of
this skb, and by not freeing it here, we not only causing a memory leak
but also mess up the refcount of the socket that holds it. This will in
turn lead to activated targets not being cleaned up, even after
stopping userspace processes.

The memory corruption that I was hunting was caused by another
kfree_skb(). This will be fixed in a later commit.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Fixes: c99f996b2ba49 ("NFC: st95hf: drop illegal kfree_skb()")
---
 drivers/nfc/st95hf/core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/nfc/st95hf/core.c b/drivers/nfc/st95hf/core.c
index 36ef0e905ba3..bc1a2070f9bb 100644
--- a/drivers/nfc/st95hf/core.c
+++ b/drivers/nfc/st95hf/core.c
@@ -991,6 +991,8 @@  static int st95hf_in_send_cmd(struct nfc_digital_dev *ddev,
 		goto free_skb_resp;
 	}
 
+	kfree_skb(skb);
+
 	return rc;
 
 free_skb_resp:

[v3,01/11] Revert "NFC: st95hf: drop illegal kfree_skb()"

Commit Message

Patch