| Message ID | BANLkTi=Teg9iN8osSDY9fqadZ+sA-Ng2Sw@mail.gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Delegated to: | Jiri Kosina |
| Headers | show |
On Wed, Jun 22, 2011 at 1:28 PM, Amit Nagal <helloin.amit@gmail.com> wrote: > Hi , > > linux kernel ver 2.6.39.1 , hidraw.c , in hidraw_release function > , list pointer ( struct hidraw_list *list ) is not freed > in case of -ENODEV . > > i think the following patch is applicable : > > --- a/drivers/hid/hidraw.c 2011-06-22 08:57:55.000000000 -0400 > +++ b/drivers/hid/hidraw.c 2011-06-22 08:42:04.000000000 -0400 > @@ -298,6 +298,7 @@ static int hidraw_release(struct inode * > > mutex_lock(&minors_lock); > if (!hidraw_table[minor]) { > + kfree(list); > ret = -ENODEV; > goto unlock; > } > > Please correct me if i am mistaken . > In continuation of above , in hidraw_release(), for the sequence disconnect followed by last userspace close(fd) call , even kfree(list->hidraw) should also be called , as in hidraw_disconnect() function kfree(hidraw) is called only when hidraw->open is 0 . so list->hidraw should also be freed when calling last close() call even after disconnect . if i have misunderstood facts , kindly clear my doubts . Regards Amit Nagal -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, 22 Jun 2011, Amit Nagal wrote: > > linux kernel ver 2.6.39.1 , hidraw.c , in hidraw_release function > > , list pointer ( struct hidraw_list *list ) is not freed > > in case of -ENODEV . > > > > i think the following patch is applicable : > > > > --- a/drivers/hid/hidraw.c 2011-06-22 08:57:55.000000000 -0400 > > +++ b/drivers/hid/hidraw.c 2011-06-22 08:42:04.000000000 -0400 > > @@ -298,6 +298,7 @@ static int hidraw_release(struct inode * > > > > mutex_lock(&minors_lock); > > if (!hidraw_table[minor]) { > > + kfree(list); > > ret = -ENODEV; > > goto unlock; > > } > > > > Please correct me if i am mistaken . > > > > In continuation of above , in hidraw_release(), for the sequence > disconnect followed by last userspace close(fd) call , > even kfree(list->hidraw) should also be called , as in > hidraw_disconnect() function kfree(hidraw) is called only when > hidraw->open is 0 . > so list->hidraw should also be freed when calling last close() call > even after disconnect . Hi Amit, your analysis is correct. Could you please re-send the patch with the other fixes added, and also your Signed-off-by line? Thanks,
On Fri, Jul 22, 2011 at 8:06 PM, Jiri Kosina <jkosina@suse.cz> wrote: > On Wed, 22 Jun 2011, Amit Nagal wrote: > >> > linux kernel ver 2.6.39.1 , hidraw.c , in hidraw_release function >> > , list pointer ( struct hidraw_list *list ) is not freed >> > in case of -ENODEV . >> > >> > i think the following patch is applicable : >> > >> > --- a/drivers/hid/hidraw.c 2011-06-22 08:57:55.000000000 -0400 >> > +++ b/drivers/hid/hidraw.c 2011-06-22 08:42:04.000000000 -0400 >> > @@ -298,6 +298,7 @@ static int hidraw_release(struct inode * >> > >> > mutex_lock(&minors_lock); >> > if (!hidraw_table[minor]) { >> > + kfree(list); >> > ret = -ENODEV; >> > goto unlock; >> > } >> > >> > Please correct me if i am mistaken . >> > >> >> In continuation of above , in hidraw_release(), for the sequence >> disconnect followed by last userspace close(fd) call , >> even kfree(list->hidraw) should also be called , as in >> hidraw_disconnect() function kfree(hidraw) is called only when >> hidraw->open is 0 . >> so list->hidraw should also be freed when calling last close() call >> even after disconnect . > > Hi Amit, > > your analysis is correct. Could you please re-send the patch with the > other fixes added, and also your Signed-off-by line? > > Thanks, > > -- > Jiri Kosina > SUSE Labs > Thanx for reviewing my analysis . i will resubmit the patch after adding other fixes as well . Regards Amit Nagal -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
--- a/drivers/hid/hidraw.c 2011-06-22 08:57:55.000000000 -0400 +++ b/drivers/hid/hidraw.c 2011-06-22 08:42:04.000000000 -0400 @@ -298,6 +298,7 @@ static int hidraw_release(struct inode * mutex_lock(&minors_lock); if (!hidraw_table[minor]) { + kfree(list); ret = -ENODEV; goto unlock; }