[PATCH 2/3] usb: qcserial avoid pointing to freed memory

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steven Hardy <shardy@redhat.com>
To: Greg KH <gregkh@suse.de>
Cc: Sergei Shtylyov <sshtylyov@mvista.com>,
	Aristeu Rozanski <aris@redhat.com>,
	mjg@redhat.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH 2/3] usb: qcserial avoid pointing to freed memory
Date: Mon, 04 Apr 2011 17:59:55 +0100	[thread overview]
Message-ID: <1301936395.4891.23.camel@shardy.csb> (raw)
In-Reply-To: <1301936257.4891.20.camel@shardy.csb>

Rework the qcprobe logic such that serial->private is not set when
qcprobe exits with -ENODEV, otherwise serial->private will point to freed
memory on -ENODEV

Signed-off-by: Steven Hardy <shardy@redhat.com>
---
Repost of qcserial patches posted last week, hopefully addresses review 
comments and email-patch-format issues

 drivers/usb/serial/qcserial.c |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c
index 6e3b933..cd63864 100644
--- a/drivers/usb/serial/qcserial.c
+++ b/drivers/usb/serial/qcserial.c
@@ -111,7 +111,7 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 	ifnum = intf->desc.bInterfaceNumber;
 	dbg("This Interface = %d", ifnum);
 
-	data = serial->private = kzalloc(sizeof(struct usb_wwan_intf_private),
+	data = kzalloc(sizeof(struct usb_wwan_intf_private),
 					 GFP_KERNEL);
 	if (!data)
 		return -ENOMEM;
@@ -134,8 +134,10 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 		    usb_endpoint_is_bulk_out(&intf->endpoint[1].desc)) {
 			dbg("QDL port found");
 
-			if (serial->interface->num_altsetting == 1)
-				return 0;
+			if (serial->interface->num_altsetting == 1) {
+				retval = 0; /* Success */
+				break;
+			}
 
 			retval = usb_set_interface(serial->dev, ifnum, 1);
 			if (retval < 0) {
@@ -145,7 +147,6 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 				retval = -ENODEV;
 				kfree(data);
 			}
-			return retval;
 		}
 		break;
 
@@ -177,7 +178,6 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 				retval = -ENODEV;
 				kfree(data);
 			}
-			return retval;
 		} else if (ifnum==3) {
 			/*
 			 * NMEA (serial line 9600 8N1)
@@ -199,9 +199,12 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 		dev_err(&serial->dev->dev,
 			"unknown number of interfaces: %d\n", nintf);
 		kfree(data);
-		return -ENODEV;
+		retval = -ENODEV;
 	}
 
+	/* Set serial->private if not returning -ENODEV */
+	if (retval != -ENODEV)
+		usb_set_serial_data(serial, data);
 	return retval;
 }
 
-- 
1.7.1

next prev parent reply	other threads:[~2011-04-04 17:00 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-03-28 14:06 [GIT PATCH] Fix memory leak in qcserial driver Steven Hardy
2011-03-28 14:21 ` Greg KH
2011-03-28 17:33   ` [GIT PATCH 1/3] Resend : " Steven Hardy
2011-03-28 17:38   ` [GIT PATCH 2/3] " Steven Hardy
2011-03-29 11:22     ` Sergei Shtylyov
2011-03-28 17:41   ` [GIT PATCH 3/3] " Steven Hardy
2011-03-28 22:16   ` [GIT PATCH 2/3 (2nd draft)] " Steven Hardy
2011-03-29 11:26     ` Sergei Shtylyov
2011-04-04 16:57       ` [PATCH 1/3] usb: Fix qcserial memory leak on rmmod Steven Hardy
2011-04-04 16:59         ` Steven Hardy [this message]
2011-04-04 17:02         ` [PATCH 3/3] usb: qcserial add missing errorpath kfrees Steven Hardy
2011-03-29 13:22     ` [GIT PATCH 2/3 (2nd draft)] Resend : Fix memory leak in qcserial driver Aristeu Rozanski
2011-03-28 17:34 ` [GIT PATCH] " Aristeu Rozanski
2011-03-28 17:48   ` Steven Hardy
2011-03-28 17:54     ` Aristeu Rozanski
2011-03-28 20:42       ` Steven Hardy

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6e3b933 dfblob:cd63864 )
 OR (
bs:"[PATCH 2/3] usb: qcserial avoid pointing to freed memory" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1301936395.4891.23.camel@shardy.csb \
    --to=shardy@redhat.com \
    --cc=aris@redhat.com \
    --cc=gregkh@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=mjg@redhat.com \
    --cc=sshtylyov@mvista.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.