Re: [PATCH 1/4] usb: gadget: f_uac1_legacy: fix file handle leaks in gaudio_open_snd_dev()

[Greg KH <gregkh@linuxfoundation.org>]

On Mon, May 25, 2026 at 03:26:09PM -0500, Adrian Korwel wrote:
> gaudio_open_snd_dev() opens the ALSA control device file first, then
> opens the PCM playback device. On two error paths the control file
> handle is leaked:
> 
> When filp_open() for the playback device fails, the function returns
> immediately without closing the already-opened control file handle.
> 
> When playback_default_hw_params() fails, its return value was ignored
> and both the playback and control file handles were leaked.
> 
> Both leaks result in gaudio_cleanup() calling filp_close() on already
> freed file objects, causing a use-after-free.
> 
> Fix by closing previously opened file handles before returning on
> each error path, and by checking the return value of
> playback_default_hw_params().
> 
> Fixes: d355339eecd9 ("usb: gadget: function: make current f_uac1 implementation legacy")
> Cc: stable@vger.kernel.org
> Signed-off-by: Adrian Korwel <adriank20047@gmail.com>
> ---
>  drivers/usb/gadget/function/u_uac1_legacy.c | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)

Something is really odd with your email system, look at what is on the
list from you for these patches.  It looks like:

 525   C May 25 Adrian Korwel   (  43) ┬─>[PATCH 1/2] USB: serial: io_ti: fix heap overflow in get_manuf_info()                                        
 527   C May 25 Adrian Korwel   (  40) │ └─>[PATCH 2/2] USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()
 528   T May 25 Adrian Korwel   (  77) └─>Re: [PATCH] USB: serial: io_ti: fix heap overflows in get_manuf_info() and build_i2c_fw_hdr()
 623   C May 25 Adrian Korwel   (  54) ┬─>[PATCH 1/4] usb: gadget: f_uac1_legacy: fix file handle leaks in gaudio_open_snd_dev()
 624   C May 25 Adrian Korwel   (  64) │ ├─>[PATCH 2/4] usb: gadget: f_uac1_legacy: fix use-after-free caused by bound guard
 625   C May 25 Adrian Korwel   (  40) │ ├─>[PATCH 4/4] usb: typec: thunderbolt: cancel work before altmode is removed
 626   C May 25 Adrian Korwel   (  35) │ └─>[PATCH 3/4] usb: gadget: f_uac1_legacy: cancel work in f_audio_disable()
 627   C May 25 Adrian Korwel   (  40) └─>[PATCH 1/4] USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()
 628   C May 25 Adrian Korwel   (  40)   ├─>[PATCH 4/4] usb: typec: thunderbolt: cancel work before altmode is removed
 629   C May 25 Adrian Korwel   (  35)   ├─>[PATCH 4/4] usb: gadget: f_uac1_legacy: cancel work in f_audio_disable()
 630   C May 25 Adrian Korwel   (  54)   ├─>[PATCH 1/4] usb: gadget: f_uac1_legacy: fix file handle leaks in gaudio_open_snd_dev()
 631   C May 25 Adrian Korwel   (  64)   ├─>[PATCH 2/4] usb: gadget: f_uac1_legacy: fix use-after-free caused by bound guard
 632   C May 25 Adrian Korwel   (  64)   ├─>[PATCH 3/4] usb: gadget: f_uac1_legacy: fix use-after-free caused by bound guard
 633   C May 25 Adrian Korwel   (  35)   ├─>[PATCH 3/4] usb: gadget: f_uac1_legacy: cancel work in f_audio_disable()
 634   C May 25 Adrian Korwel   (  54)   └─>[PATCH 2/4] usb: gadget: f_uac1_legacy: fix file handle leaks in gaudio_open_snd_dev()
 636   C May 24 Adrian Korwel   (  41) [PATCH] usb: typec: thunderbolt: cancel work before altmode is removed  
 637   C May 24 Adrian Korwel   (  62) [PATCH] usb: gadget: f_uac1_legacy: fix file handle leaks in gaudio_open_snd_dev()


You have threading issues, patches in multiple places and resend, and all mixed
up.

Please resend everything that has not been accepted, as new versions, in the
correct way, and we will be glad to review them.

thanks,

greg k-h