[GIT PATCH 2/3 (2nd draft)] Resend : Fix memory leak in qcserial driver

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steven Hardy <shardy@redhat.com>
To: Greg KH <gregkh@suse.de>, Aristeu Rozanski <aris@redhat.com>
Cc: mjg@redhat.com, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PATCH 2/3 (2nd draft)] Resend : Fix memory leak in qcserial driver
Date: Mon, 28 Mar 2011 23:16:37 +0100	[thread overview]
Message-ID: <20110328221636.GA8195@shardy.csb> (raw)
In-Reply-To: <20110328142148.GA19521@suse.de>

Second draft of patch #2, this addresses the review comments made by Aristeu Rozanski, now usb_set_serial_data() is only called when we are not returning -ENODEV

Original description:
Don't assign serial->private when doing the kzalloc or serial->private ends up pointing to freed memory in the event we return -ENODEV, instead call usb_set_serial_data(serial, data) at the end of the function, and only have one return-point.


Signed-off-by: Steve Hardy <shardy@redhat.com>


diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c
index 6e3b933..b9b97ad 100644
--- a/drivers/usb/serial/qcserial.c
+++ b/drivers/usb/serial/qcserial.c
@@ -111,7 +111,7 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 	ifnum = intf->desc.bInterfaceNumber;
 	dbg("This Interface = %d", ifnum);
 
-	data = serial->private = kzalloc(sizeof(struct usb_wwan_intf_private),
+	data = kzalloc(sizeof(struct usb_wwan_intf_private),
 					 GFP_KERNEL);
 	if (!data)
 		return -ENOMEM;
@@ -134,8 +134,10 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 		    usb_endpoint_is_bulk_out(&intf->endpoint[1].desc)) {
 			dbg("QDL port found");
 
-			if (serial->interface->num_altsetting == 1)
-				return 0;
+			if (serial->interface->num_altsetting == 1) {
+				retval = 0; /* Success */
+				break;
+			}
 
 			retval = usb_set_interface(serial->dev, ifnum, 1);
 			if (retval < 0) {
@@ -145,7 +147,6 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 				retval = -ENODEV;
 				kfree(data);
 			}
-			return retval;
 		}
 		break;
 
@@ -177,7 +178,6 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 				retval = -ENODEV;
 				kfree(data);
 			}
-			return retval;
 		} else if (ifnum==3) {
 			/*
 			 * NMEA (serial line 9600 8N1)
@@ -199,9 +199,12 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
 		dev_err(&serial->dev->dev,
 			"unknown number of interfaces: %d\n", nintf);
 		kfree(data);
-		return -ENODEV;
+		retval = -ENODEV;
 	}
 
+	/* Set serial->private if not returning -ENODEV */
+	if ( retval != -ENODEV )
+		usb_set_serial_data(serial, data);
 	return retval;
 }

next prev parent reply	other threads:[~2011-03-28 22:16 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-03-28 14:06 [GIT PATCH] Fix memory leak in qcserial driver Steven Hardy
2011-03-28 14:21 ` Greg KH
2011-03-28 17:33   ` [GIT PATCH 1/3] Resend : " Steven Hardy
2011-03-28 17:38   ` [GIT PATCH 2/3] " Steven Hardy
2011-03-29 11:22     ` Sergei Shtylyov
2011-03-28 17:41   ` [GIT PATCH 3/3] " Steven Hardy
2011-03-28 22:16   ` Steven Hardy [this message]
2011-03-29 11:26     ` [GIT PATCH 2/3 (2nd draft)] " Sergei Shtylyov
2011-04-04 16:57       ` [PATCH 1/3] usb: Fix qcserial memory leak on rmmod Steven Hardy
2011-04-04 16:59         ` [PATCH 2/3] usb: qcserial avoid pointing to freed memory Steven Hardy
2011-04-04 17:02         ` [PATCH 3/3] usb: qcserial add missing errorpath kfrees Steven Hardy
2011-03-29 13:22     ` [GIT PATCH 2/3 (2nd draft)] Resend : Fix memory leak in qcserial driver Aristeu Rozanski
2011-03-28 17:34 ` [GIT PATCH] " Aristeu Rozanski
2011-03-28 17:48   ` Steven Hardy
2011-03-28 17:54     ` Aristeu Rozanski
2011-03-28 20:42       ` Steven Hardy

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6e3b933 dfblob:b9b97ad )
 OR (
bs:"[GIT PATCH 2/3 (2nd draft)] Resend : Fix memory leak in qcserial driver" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110328221636.GA8195@shardy.csb \
    --to=shardy@redhat.com \
    --cc=aris@redhat.com \
    --cc=gregkh@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=mjg@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.