Re: [PATCH] usb: core: fix reference count leak in usb_port_resume

From: Alan Stern
Date: Sun Jun 14 2020 - 09:42:15 EST

Next message: Vladimir Oltean: "Re: [PATCH 2/2] spi: spi-fsl-dspi: Initialize completion before possible interrupt"
Previous message: Vladimir Oltean: "Re: [PATCH 2/2] spi: spi-fsl-dspi: Initialize completion before possible interrupt"
In reply to: Aditya Pakki: "[PATCH] usb: core: fix reference count leak in usb_port_resume"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jun 13, 2020 at 10:33:53PM -0500, Aditya Pakki wrote:
> usb_port_resume() calls pm_runtime_get_sync() that increments
> the reference counter. In case of failure, decrement the reference
> count and return the error.
>
> Signed-off-by: Aditya Pakki <pakki001@xxxxxxx>
> ---
> drivers/usb/core/hub.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
> index b1e14beaac5f..a9231f27144e 100644
> --- a/drivers/usb/core/hub.c
> +++ b/drivers/usb/core/hub.c
> @@ -3542,6 +3542,7 @@ int usb_port_resume(struct usb_device *udev, pm_message_t msg)
> if (status < 0) {
> dev_dbg(&udev->dev, "can't resume usb port, status %d\n",
> status);
> + pm_runtime_put_sync(&port_dev->dev);

This is wrong; you need to do test_and_clear_bit(port1,
hub->child_usage_bits) before calling pm_runtime_put_sync(). Otherwise
the child_usage_bits value will get out of sync with the port's runtime
status.

Alan Stern

Next message: Vladimir Oltean: "Re: [PATCH 2/2] spi: spi-fsl-dspi: Initialize completion before possible interrupt"
Previous message: Vladimir Oltean: "Re: [PATCH 2/2] spi: spi-fsl-dspi: Initialize completion before possible interrupt"
In reply to: Aditya Pakki: "[PATCH] usb: core: fix reference count leak in usb_port_resume"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]