Re: [PATCH v2] can: mcba_usb: Fix memory leak when cancelling urb

From: Oliver Neukum
Date: Mon Jan 11 2021 - 07:01:31 EST


On Monday, 11.01.2021, at 10:49 +0000, Bui Quang Minh wrote:
> In mcba_usb_read_bulk_callback(), when we don't resubmit or fail to
> resubmit the urb, we need to deallocate the transfer buffer that is
> allocated in mcba_usb_start().
>
> Reported-by: syzbot+57281c762a3922e14dfe@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Bui Quang Minh <minhquangbui99@xxxxxxxxx>
> ---
> v1: add memory leak fix when not resubmitting urb
> v2: add memory leak fix when failing to resubmit urb
>
> drivers/net/can/usb/mcba_usb.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/can/usb/mcba_usb.c b/drivers/net/can/usb/mcba_usb.c
> index df54eb7d4b36..30236e640116 100644
> --- a/drivers/net/can/usb/mcba_usb.c
> +++ b/drivers/net/can/usb/mcba_usb.c
> @@ -584,6 +584,8 @@ static void mcba_usb_read_bulk_callback(struct urb *urb)
> case -EPIPE:
> case -EPROTO:
> case -ESHUTDOWN:
> + usb_free_coherent(urb->dev, urb->transfer_buffer_length,
> + urb->transfer_buffer, urb->transfer_dma);
> return;
>
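
Review bot: The usb_free_coherent() call added under the -EPIPE/-EPROTO/-ESHUTDOWN cases runs inside the URB completion handler mcba_usb_read_bulk_callback(), and the changelog does not say which contexts that handler can be invoked from or why freeing a coherent buffer is permitted there. Please state that in the commit message, or defer the free to a path that runs in process context. The size passed is urb->transfer_buffer_length while the buffer is described as allocated in mcba_usb_start(), so also confirm that this length equals the allocated size and that no teardown path frees the same buffer again after this return, which would turn the leak fix into a double free.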

Can you call usb_free_coherent() in what can be hard IRQ context?

Regards
Oliver