Date: Tue, 17 Feb 2026 20:51:04 +0100
From: Günther Noack
To: Benjamin Tissoires
Cc: Jiri Kosina, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] HID: asus: avoid memory leak in asus_report_fixup()
References: <20260217160125.1097578-1-gnoack@google.com> <20260217160125.1097578-4-gnoack@google.com>

Hello!

On Tue, Feb 17, 2026 at 07:31:23PM +0100, Benjamin Tissoires wrote:
> On Feb 17 2026, Günther Noack wrote:
> > The asus_report_fixup() function was allocating a new buffer with kmemdup()
> > when growing the report descriptor but never freeing it. Switch to
> > devm_kzalloc() to ensure the memory is managed and freed automatically when
> > the device is removed.
>
> Actually this one is even worse: you can't use devm_kzalloc because
> hid-core.c will later call kfree(dev->rdesc) if dev->rdesc is different
> from the one provided by the low level driver. So we are going to have
> a double free.

The buffer returned by report_fixup() is duplicated first before
hid-core stores it in dev->rdesc. The pointer that report_fixup()
returns is not managed by the caller.

I elaborated in the response to the other patch in [1]. You can see
it in the source code in the position marked with (4).

[1] https://lore.kernel.org/all/aZTEnPEHcWEkoTJR@google.com/

> I really wonder if this was ever tested.

I only convinced myself by staring at the code, because I do not
happen to have the matching USB devices here.

What is your usual approach to verifying such changes? raw-gadget?

—Günther
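
The ownership question argued in this message, as a userspace C model added here (not kernel code and not from the thread). The allocation tracker, `fixup()` and `run(managed, core_copies)` are hypothetical names; `core_copies` selects whether the core duplicates the buffer returned by the fixup before storing and later freeing it, and `managed` selects a devm_kzalloc()-like or kmemdup()-like allocation in the driver.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, not kernel code; every name here is hypothetical. */
enum { SLOTS = 8 };
static void *live[SLOTS];  /* allocations that have not been freed yet */
static void *devres;       /* buffer released automatically at device removal */
static int double_frees;
static void *t_alloc(size_t n) {
    void *p = calloc(1, n);
    for (int i = 0; p && i < SLOTS; i++)
        if (!live[i]) { live[i] = p; break; }
    return p;
}
static void t_free(void *p) {
    for (int i = 0; i < SLOTS; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;        /* no longer live: this would be a double free */
}
/* Driver side: return a descriptor grown by one byte. */
static unsigned char *fixup(const unsigned char *rdesc, size_t *size, int managed) {
    unsigned char *grown = t_alloc(*size + 1);
    memcpy(grown, rdesc, *size);
    *size += 1;
    if (managed) devres = grown;   /* devm_kzalloc()-like, else kmemdup()-like */
    return grown;
}
struct outcome { int leaked, double_frees; };
/* Core side: open the report, close it, then remove the device. */
static struct outcome run(int managed, int core_copies) {
    int leaked = 0;
    size_t size = 4;
    for (int i = 0; i < SLOTS; i++) { free(live[i]); live[i] = NULL; }
    devres = NULL; double_frees = 0;
    unsigned char *scratch = t_alloc(size);      /* copy handed to the driver */
    unsigned char *ret = fixup(scratch, &size, managed);
    unsigned char *rdesc = core_copies ? t_alloc(size) : ret;
    if (core_copies) memcpy(rdesc, ret, size);   /* core keeps its own copy */
    t_free(scratch);
    t_free(rdesc);                               /* report closed: core frees what it stored */
    if (devres) t_free(devres);                  /* device removed: managed memory released */
    for (int i = 0; i < SLOTS; i++) leaked += live[i] != NULL;
    return (struct outcome){ leaked, double_frees };
}
int main(void) {
    struct outcome o = run(1, 1);
    return printf("leaked=%d double_frees=%d\n", o.leaked, o.double_frees) < 0;
}
```

In this model the copy step decides the outcome: with it, the managed buffer is freed exactly once and the kmemdup()-like buffer leaks; without it, the managed buffer is freed twice.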