Re: [PATCH 1/1] usb:gadget:function:fix memory leak

From: Felipe Balbi
Date: Thu Jul 26 2018 - 07:11:31 EST

Next message: Felipe Balbi: "Re: [PATCH v6 4/4] arm: arm64: dts: add property snps incr burst type adjustment"
Previous message: Eugeniy Paltsev: "[PATCH 2/2] ARC: add SMP_CACHE_BYTES value validate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi,

Xidong Wang <wangxidong_97@xxxxxxx> writes:
> In function f_audio_set_alt(), the memory allocated by
> usb_ep_alloc_request() is not released on the error path
> that req->buf, which holds the return value of kzalloc(),
> is NULL. This will result in a memory leak bug.
>
> Signed-off-by: Xidong Wang <wangxidong_97@xxxxxxx>
> ---
> drivers/usb/gadget/function/f_uac1_legacy.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/gadget/function/f_uac1_legacy.c b/drivers/usb/gadget/function/f_uac1_legacy.c
> index 24c086b..2fcdade 100644
> --- a/drivers/usb/gadget/function/f_uac1_legacy.c
> +++ b/drivers/usb/gadget/function/f_uac1_legacy.c
> @@ -630,8 +630,11 @@ static int f_audio_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
> ERROR(cdev,
> "%s queue req: %d\n",
> out_ep->name, err);
> - } else
> + } else {
> + usb_ep_free_request(
> + out_ep, req);
> err = -ENOMEM;
> + }

I feel like this hunk has been ping ponging between having
usb_ep_free_request() and not having it because completion callback will
call usb_ep_free_request() or something along those lines.

Can we get a final solution that solves all cases and doesn't introduce
other bugs?

--
balbi

Attachment: signature.asc
Description: PGP signature

Next message: Felipe Balbi: "Re: [PATCH v6 4/4] arm: arm64: dts: add property snps incr burst type adjustment"
Previous message: Eugeniy Paltsev: "[PATCH 2/2] ARC: add SMP_CACHE_BYTES value validate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]