[PATCH] USB: Gadget: Composite: Added error handling codes to preventa memory leak case when the configuration's bind function failed

From: Yongsul
Date: Wed Mar 14 2012 - 21:24:16 EST

Next message: Chris Metcalf: "Re: [PATCH v3] ipc: provide generic compat versions of IPC syscalls"
Previous message: Andi Kleen: "Re: [PATCH] vfs namespace: Don't assume mount namespace has validroot"
Next in thread: Michal Nazarewicz: "Re: [PATCH] USB: Gadget: Composite: Added error handling codes toprevent a memory leak case when the configuration's bind function failed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: yongsul96.oh@xxxxxxxxxxx <yongsul96.oh@xxxxxxxxxxx>

In some usb gadget driver, for example usb gadget serial driver(serial.c),
multifunction composite driver(multi,c), nokia composite gadget driver(nokia.c),
HID composite driver(hid.c), CDC composite driver(cdc2.c).., the configuration's
bind function by called the 'usb_add_config()' has multiple bind config functions
for each functionality, for example cdc2 configuration bind function -'cdc_do_config()'
has two functionality bind config functions -'ecm_bind_config()' & 'acm_bind_config()'
in CDC composite driver.
In each functionality bind config function, new instance for each functionality is
allocated & initialized by 'kzalloc()' ,and finally the new instance is added by
'usb_add_function()'. After 'usb_add_function' state, already created the instance
is only handled by its configuration & freed from functionality unbind function.
So, If an error occurred during the second functionality bind config state, for example
an error occurred at 'acm_bind_config()' after succeeding 'ecm_bind_function()',
The created instance by 'acm_bind_config()' cannot be freed.
And it makes memory leak situation.

This patch fixes this issue.

Signed-off-by: yongsul96.oh@xxxxxxxxxxx <yongsul96.oh@xxxxxxxxxxx>
---
drivers/usb/gadget/composite.c | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
index baaebf2..4cb1801 100644
--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -737,6 +737,19 @@ int usb_add_config(struct usb_composite_dev *cdev,

status = bind(config);
if (status < 0) {
+ while (!list_empty(&config->functions)) {
+ struct usb_function *f;
+
+ f = list_first_entry(&config->functions,
+ struct usb_function, list);
+ list_del(&f->list);
+ if (f->unbind) {
+ DBG(cdev, "unbind function '%s'/%p\n",
+ f->name, f);
+ f->unbind(config, f);
+ /* may free memory for "f" */
+ }
+ }
list_del(&config->list);
config->cdev = NULL;
} else {
--
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Metcalf: "Re: [PATCH v3] ipc: provide generic compat versions of IPC syscalls"
Previous message: Andi Kleen: "Re: [PATCH] vfs namespace: Don't assume mount namespace has validroot"
Next in thread: Michal Nazarewicz: "Re: [PATCH] USB: Gadget: Composite: Added error handling codes toprevent a memory leak case when the configuration's bind function failed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]