Inconsistency in usb_add_gadget_udc_release() interface
From: Alexey Khoroshilov
Date: Tue Aug 15 2017 - 17:39:47 EST
Hello,
usb_add_gadget_udc_release() gets release() argument that allows to
release user resources.
As far as I can see, the release() is called on error paths
of usb_add_gadget_udc_release() as a result of
put_device(&gadget->dev);
except for the only path going via err1.
As a result a caller of the usb_add_gadget_udc_release() have no chance
to know if the release() was invoked or not.
It may lead to memory leaks (drivers/usb/gadget/udc/snps_udc_core.c)
or to double free (drivers/usb/gadget/udc/fsl_udc_core.c).
Is my reading correct? If so, should we always call release() on error paths?
--
Alexey Khoroshilov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org