Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
firewire: avoid memleak after phy config transmit failure
Use only statically allocated data for PHY config packet transmission.
With the previous incarnation, some data wouldn't be freed if the packet
transmit callback was never called.
A theoretical drawback now is that, in PCs with more than one card,
card A may complete() for a waiter on card B. But this is highly
unlikely and its impact not serious. Bus manager B may reset bus B
before the PHY config went out, but the next phy config on B should be
fine. However, with a timeout of 100ms, this situation is close to
impossible.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
+19
-35
drivers/firewire/fw-transaction.c
+19
-35
drivers/firewire/fw-transaction.c
···
22
#include <linux/kernel.h>
23
#include <linux/kref.h>
24
#include <linux/module.h>
25
#include <linux/init.h>
26
#include <linux/interrupt.h>
27
#include <linux/pci.h>
···
296
}
297
EXPORT_SYMBOL(fw_send_request);
298
299
-
struct fw_phy_packet {
300
-
struct fw_packet packet;
301
-
struct completion done;
302
-
struct kref kref;
303
-
};
304
-
305
-
static void phy_packet_release(struct kref *kref)
306
-
{
307
-
struct fw_phy_packet *p =
308
-
container_of(kref, struct fw_phy_packet, kref);
309
-
kfree(p);
310
-
}
311
312
static void transmit_phy_packet_callback(struct fw_packet *packet,
313
struct fw_card *card, int status)
314
{
315
-
struct fw_phy_packet *p =
316
-
container_of(packet, struct fw_phy_packet, packet);
317
-
318
-
complete(&p->done);
319
-
kref_put(&p->kref, phy_packet_release);
320
}
321
322
void fw_send_phy_config(struct fw_card *card,
323
int node_id, int generation, int gap_count)
324
{
325
-
struct fw_phy_packet *p;
326
long timeout = DIV_ROUND_UP(HZ, 10);
327
u32 data = PHY_IDENTIFIER(PHY_PACKET_CONFIG) |
328
PHY_CONFIG_ROOT_ID(node_id) |
329
PHY_CONFIG_GAP_COUNT(gap_count);
330
331
-
p = kmalloc(sizeof(*p), GFP_KERNEL);
332
-
if (p == NULL)
333
-
return;
334
335
-
p->packet.header[0] = data;
336
-
p->packet.header[1] = ~data;
337
-
p->packet.header_length = 8;
338
-
p->packet.payload_length = 0;
339
-
p->packet.speed = SCODE_100;
340
-
p->packet.generation = generation;
341
-
p->packet.callback = transmit_phy_packet_callback;
342
-
init_completion(&p->done);
343
-
kref_set(&p->kref, 2);
344
345
-
card->driver->send_request(card, &p->packet);
346
-
timeout = wait_for_completion_timeout(&p->done, timeout);
347
-
kref_put(&p->kref, phy_packet_release);
348
349
-
/* will leak p if the callback is never executed */
350
-
WARN_ON(timeout == 0);
351
}
352
353
void fw_flush_transactions(struct fw_card *card)
···
22
#include <linux/kernel.h>
23
#include <linux/kref.h>
24
#include <linux/module.h>
25
+
#include <linux/mutex.h>
26
#include <linux/init.h>
27
#include <linux/interrupt.h>
28
#include <linux/pci.h>
···
295
}
296
EXPORT_SYMBOL(fw_send_request);
297
298
+
static DEFINE_MUTEX(phy_config_mutex);
299
+
static DECLARE_COMPLETION(phy_config_done);
300
301
static void transmit_phy_packet_callback(struct fw_packet *packet,
302
struct fw_card *card, int status)
303
{
304
+
complete(&phy_config_done);
305
}
306
+
307
+
static struct fw_packet phy_config_packet = {
308
+
.header_length = 8,
309
+
.payload_length = 0,
310
+
.speed = SCODE_100,
311
+
.callback = transmit_phy_packet_callback,
312
+
};
313
314
void fw_send_phy_config(struct fw_card *card,
315
int node_id, int generation, int gap_count)
316
{
317
long timeout = DIV_ROUND_UP(HZ, 10);
318
u32 data = PHY_IDENTIFIER(PHY_PACKET_CONFIG) |
319
PHY_CONFIG_ROOT_ID(node_id) |
320
PHY_CONFIG_GAP_COUNT(gap_count);
321
322
+
mutex_lock(&phy_config_mutex);
323
324
+
phy_config_packet.header[0] = data;
325
+
phy_config_packet.header[1] = ~data;
326
+
phy_config_packet.generation = generation;
327
+
INIT_COMPLETION(phy_config_done);
328
329
+
card->driver->send_request(card, &phy_config_packet);
330
+
wait_for_completion_timeout(&phy_config_done, timeout);
331
332
+
mutex_unlock(&phy_config_mutex);
333
}
334
335
void fw_flush_transactions(struct fw_card *card)