* [1/1] usb:gadget:function:fix memory leak
@ 2018-07-23 11:09 Xidong Wang
0 siblings, 0 replies; 2+ messages in thread
From: Xidong Wang @ 2018-07-23 11:09 UTC (permalink / raw)
To: Felipe Balbi, Greg Kroah-Hartman, Johan Hovold, Michal Nazarewicz,
Vincent Pelletier
Cc: wangxidong_97, linux-usb, linux-kernel
In function f_audio_set_alt(), the memory allocated by
usb_ep_alloc_request() is not released on the error path
that req->buf, which holds the return value of kzalloc(),
is NULL. This will result in a memory leak bug.
Signed-off-by: Xidong Wang <wangxidong_97@163.com>
---
drivers/usb/gadget/function/f_uac1_legacy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/function/f_uac1_legacy.c b/drivers/usb/gadget/function/f_uac1_legacy.c
index 24c086b..2fcdade 100644
--- a/drivers/usb/gadget/function/f_uac1_legacy.c
+++ b/drivers/usb/gadget/function/f_uac1_legacy.c
@@ -630,8 +630,11 @@ static int f_audio_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
ERROR(cdev,
"%s queue req: %d\n",
out_ep->name, err);
- } else
+ } else {
+ usb_ep_free_request(
+ out_ep, req);
err = -ENOMEM;
+ }
} else
err = -ENOMEM;
}
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [1/1] usb:gadget:function:fix memory leak
@ 2018-07-26 11:08 Felipe Balbi
0 siblings, 0 replies; 2+ messages in thread
From: Felipe Balbi @ 2018-07-26 11:08 UTC (permalink / raw)
To: Xidong Wang, Greg Kroah-Hartman, Johan Hovold, Michal Nazarewicz,
Vincent Pelletier
Cc: linux-usb, linux-kernel
hi,
Xidong Wang <wangxidong_97@163.com> writes:
> In function f_audio_set_alt(), the memory allocated by
> usb_ep_alloc_request() is not released on the error path
> that req->buf, which holds the return value of kzalloc(),
> is NULL. This will result in a memory leak bug.
>
> Signed-off-by: Xidong Wang <wangxidong_97@163.com>
> ---
> drivers/usb/gadget/function/f_uac1_legacy.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/gadget/function/f_uac1_legacy.c b/drivers/usb/gadget/function/f_uac1_legacy.c
> index 24c086b..2fcdade 100644
> --- a/drivers/usb/gadget/function/f_uac1_legacy.c
> +++ b/drivers/usb/gadget/function/f_uac1_legacy.c
> @@ -630,8 +630,11 @@ static int f_audio_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
> ERROR(cdev,
> "%s queue req: %d\n",
> out_ep->name, err);
> - } else
> + } else {
> + usb_ep_free_request(
> + out_ep, req);
> err = -ENOMEM;
> + }
I feel like this hunk has been ping ponging between having
usb_ep_free_request() and not having it because completion callback will
call usb_ep_free_request() or something along those lines.
Can we get a final solution that solves all cases and doesn't introduce
other bugs?
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-07-26 11:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-26 11:08 [1/1] usb:gadget:function:fix memory leak Felipe Balbi
-- strict thread matches above, loose matches on Subject: below --
2018-07-23 11:09 Xidong Wang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).