I'm looking into possible memory leaks in the visor driver, and I had a question regarding behavior of error handling on failed urb submission. From what I understand, when submitting a urb fails, the completion handler will not be called (as indicated in the api). It would appear that this case is not handled properly in visor_write when this happens though. I would imagine that kfree() should be called for buffer when a non-zero status is returned by usb_submit_urb(). Am I missing something?
BTW - this affects more than one usb serial driver.
from drivers/usb/serial/visor.c:
static int visor_write (struct usb_serial_port *port, int from_user, const unsigned
char *buf, int count)
{
...
buffer = kmalloc (count, GFP_ATOMIC);
if (!buffer) {
dev_err(&port->dev, "out of memory\n");
return -ENOMEM;
}...
usb_fill_bulk_urb (urb, serial->dev,
usb_sndbulkpipe (serial->dev,
port->bulk_out_endpointAddress),
buffer, count, visor_write_bulk_callback, port);
/* send it down the pipe */
status = usb_submit_urb(urb, GFP_ATOMIC);
if (status) {
dev_err(&port->dev, "%s - usb_submit_urb(write bulk) failed with status =
%d\n",
__FUNCTION__, status);
count = status;
} else {
bytes_out += count;
}
...
}static void visor_write_bulk_callback (struct urb *urb, struct pt_regs *regs)
{
...
/* free up the transfer buffer, as usb_free_urb() does not do this */
kfree (urb->transfer_buffer);
...
}
from drivers/usb/core/urb.c: /** * usb_submit_urb - issue an asynchronous transfer request for an endpoint * @urb: pointer to the urb describing the request * @mem_flags: the type of memory to allocate, see kmalloc() for a list * of valid options for this. * ... * Successful submissions return 0; otherwise this routine returns a * negative error number. If the submission is successful, the complete() * callback from the URB will be called exactly once, when the USB core and * Host Controller Driver (HCD) are finished with the URB. When the completion * function is called, control of the URB is returned to the device * driver which issued the request. The completion handler may then * immediately free or reuse that URB. * ... */
-- Joe Nardelli [EMAIL PROTECTED]
------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ [EMAIL PROTECTED] To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
