From: Greg KH <gregkh@linuxfoundation.org>
To: 慕冬亮 <mudongliangabcd@gmail.com>
Cc: Larry.Finger@lwfinger.net, florian.c.schilhabel@googlemail.com,
rkovhaev@gmail.com, straube.linux@gmail.com,
linux-staging@lists.linux.dev,
linux-kernel <linux-kernel@vger.kernel.org>,
syzbot+1c46f3771695bccbdb3a@syzkaller.appspotmail.com
Subject: Re: [PATCH] staging: rtl8712: Fix memory leak in r8712_init_recv_priv
Date: Fri, 21 May 2021 15:16:07 +0200
Message-ID: <YKeyl6DL9rZylbKw@kroah.com>
In-Reply-To: <CAD-N9QUgYy4j3wnJX1gwq902ggarFaQPBQ3cyUAArYxv22Q-bQ@mail.gmail.com>

On Fri, May 21, 2021 at 08:24:58PM +0800, 慕冬亮 wrote:
> On Fri, May 21, 2021 at 8:18 PM Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Fri, May 21, 2021 at 08:08:11PM +0800, Dongliang Mu wrote:
> > > r871xu_dev_remove failed to call r8712_free_drv_sw() and free the
> > > resource (e.g., struct urb) due to the failure of firmware loading.
> > >
> > > Fix this by invoking r8712_free_drv_sw at the failure site.
> > >
> > > Reported-by: syzbot+1c46f3771695bccbdb3a@syzkaller.appspotmail.com
> > > Fixes: b4383c971bc5 ("staging: rtl8712: handle firmware load failure")
> > > Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
> > > ---
> > > drivers/staging/rtl8712/usb_intf.c | 13 ++++++++++---
> > > 1 file changed, 10 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c
> > > index dc21e7743349..a5190b4250ce 100644
> > > --- a/drivers/staging/rtl8712/usb_intf.c
> > > +++ b/drivers/staging/rtl8712/usb_intf.c
> > > @@ -589,7 +589,7 @@ static int r871xu_drv_init(struct usb_interface *pusb_intf,
> > > */
> > > static void r871xu_dev_remove(struct usb_interface *pusb_intf)
> > > {
> > > - struct net_device *pnetdev = usb_get_intfdata(pusb_intf);
> > > + struct net_device *pnetdev, *newpnetdev = usb_get_intfdata(pusb_intf);
> > > struct usb_device *udev = interface_to_usbdev(pusb_intf);
> > >
> > > if (pnetdev) {
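
Review bot: the changed declaration at the top of r871xu_dev_remove() initialises only newpnetdev. In `struct net_device *pnetdev, *newpnetdev = usb_get_intfdata(pusb_intf);` the initialiser binds to the last declarator, so pnetdev is left uninitialised and the unchanged `if (pnetdev) {` two lines later tests an indeterminate pointer. Keep the usb_get_intfdata() result in pnetdev and declare any additional pointer on its own line. The diffstat reports 10 insertions and 3 deletions, but only this one-line change is visible here, so the r8712_free_drv_sw() call described in the commit message cannot be checked against it.
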
> >
> > Did you test this?
>
> For now, I only tested this patch in my local workspace. The memory
> leak does not occur any more.
>
> I have pushed a patch testing onto the syzbot dashboard [1]. Now it is
> in the pending state.
>
> [1] https://syzkaller.appspot.com/bug?id=3a325b8389fc41c1bc94de0f4ac437ed13cce584
>
> >
> > I think you just broke the code right here :(
>
> If I broke any code logic, I am sorry. However, this patch only adds
> some code to deallocate some resources when failing to load firmware.
>
> Do you mean that I replace pnetdev with the variable - newpnetdev?

Yes, and then the first thing the code does is check the value of
pnetdev which is totally undefined :(