Re: [PATCH] USB: Gadget: Composite: Added error handling codes toprevent a memory leak case when the configuration's bind function failed

From: Michal Nazarewicz
Date: Tue Mar 20 2012 - 09:41:31 EST


On Tue, 20 Mar 2012 02:38:38 +0100, Yongsul Oh <yongsul96.oh@xxxxxxxxxxx> wrote:

In some USB composite gadget drivers, the configuration's bind function
called by the usb_add_config() calls multiple bind config functions.
(for example cdc2 configuration bind function in the cdc_do_config()
of the cdc2.c has two functionality bind config functions.
- the ecm_bind_config() & the acm_bind_config())

In each functionality bind config function, new instance is allocated and
finally added by the usb_add_function().

So if an error occurred during the second functionality bind config
(for example an error occurred at the acm_bind_config() after succeeding of
the ecm_bind_function()), the instance created by the acm_bind_config()
cannot be freed creating a memory leak.

This patch fixes this issue.

Signed-off-by: Yongsul Oh <yongsul96.oh@xxxxxxxxxxx>

Like before:

Acked-by: Michal Nazarewicz <mina86@xxxxxxxxxx>

---
drivers/usb/gadget/composite.c | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
index baaebf2..4cb1801 100644
--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -737,6 +737,19 @@ int usb_add_config(struct usb_composite_dev *cdev,
status = bind(config);
if (status < 0) {
+ while (!list_empty(&config->functions)) {
+ struct usb_function *f;
+
+ f = list_first_entry(&config->functions,
+ struct usb_function, list);
+ list_del(&f->list);
+ if (f->unbind) {
+ DBG(cdev, "unbind function '%s'/%p\n",
+ f->name, f);
+ f->unbind(config, f);
+ /* may free memory for "f" */
+ }
+ }
list_del(&config->list);
config->cdev = NULL;
} else {


--
Best regards, _ _
.o. | Liege of Serenely Enlightened Majesty of o' \,=./ `o
..o | Computer Science, MichaÅ âmina86â Nazarewicz (o o)
ooo +----<email/xmpp: mpn@xxxxxxxxxx>--------------ooO--(_)--Ooo--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/