| Message ID | 20250522140048.2811356-1-n.zhandarovich@fintech.ru |
|---|---|
| State | New |
| Headers | show |
| Series | media: usb: siano: do not free urb-specific transfer buffer | expand |
diff --git a/drivers/media/usb/siano/smsusb.c b/drivers/media/usb/siano/smsusb.c index 2c8179a84991..a78b1c233aad 100644 --- a/drivers/media/usb/siano/smsusb.c +++ b/drivers/media/usb/siano/smsusb.c @@ -168,7 +168,6 @@ static int smsusb_submit_urb(struct smsusb_device_t *dev, smsusb_onresponse, surb ); - surb->urb->transfer_flags |= URB_FREE_BUFFER; return usb_submit_urb(surb->urb, GFP_ATOMIC); }
Since siano driver uses separately allocated buffers for urb tranfers, such as smscore_buffer_t *cb, and deals with them accordingly via calls to smscore_putbuffer() in smsusb_stop_streaming(), there is no need to attempt to free urb->transfer_buffer by adding a URB_FREE_BUFFER to urb transfer flags. As syzkaller shows, it triggers a warning which will bring about proper crash on systems with 'panic_on_warn' set. Therefore, skip the flag setting step to fix the issue. This change was tested exclusively with syz-repros and KMEMLEAK sanitizer. The idea for this patch was originally devised by Hillf Danton. Suggested-by: Hillf Danton <hdanton@sina.com> Reported-by: syzbot+b466336413a1fba398a5@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=b466336413a1fba398a5 Fixes: 564246fd3ff4 ("media: siano: Fix coherent memory allocation failure on arm64") Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru> --- drivers/media/usb/siano/smsusb.c | 1 - 1 file changed, 1 deletion(-)