[PATCH v3] gpib: Fix memory leak in ni_usb_init()

From: Zilin Guan
Date: Mon Dec 29 2025 - 22:46:04 EST

Next message: Turritopsis Dohrnii Teo En Ming: "Linux Kernel 6.19-rc3 Released With A Holiday's Week Of Fixes"
Previous message: SeongJae Park: "Re: [PATCH] mm/damon/core: remove call_control in inactive contexts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In ni_usb_init(), if ni_usb_setup_init() fails, the function returns
-EFAULT without freeing the allocated writes buffer, leading to a
memory leak.

Additionally, ni_usb_setup_init() returns 0 on failure, which causes
ni_usb_init() to return -EFAULT, an inappropriate error code for this
situation.

Fix the leak by freeing writes in the error path. Modify
ni_usb_setup_init() to return -EINVAL on failure and propagate this
error code in ni_usb_init().

Fixes: 4e127de14fa7 ("staging: gpib: Add National Instruments USB GPIB driver")
Suggested-by: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Suggested-by: Dave Penkler <dpenkler@xxxxxxxxx>
Co-developed-by: Jianhao Xu <jianhao.xu@xxxxxxxxxx>
Signed-off-by: Jianhao Xu <jianhao.xu@xxxxxxxxxx>
Signed-off-by: Zilin Guan <zilin@xxxxxxxxxx>
---
Changes in v3:
- Enable ni_usb_setup_init() to return negative error codes on failure.
- Remove "staging" prefix based on current file path.

Changes in v2:
- Use early return to simplify error handling logic.

drivers/gpib/ni_usb/ni_usb_gpib.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/drivers/gpib/ni_usb/ni_usb_gpib.c b/drivers/gpib/ni_usb/ni_usb_gpib.c
index 1f8412de9fa3..52fb76b48467 100644
--- a/drivers/gpib/ni_usb/ni_usb_gpib.c
+++ b/drivers/gpib/ni_usb/ni_usb_gpib.c
@@ -1780,7 +1780,7 @@ static int ni_usb_setup_init(struct gpib_board *board, struct ni_usb_register *w
i++;
if (i > NUM_INIT_WRITES) {
dev_err(&usb_dev->dev, "bug!, buffer overrun, i=%i\n", i);
- return 0;
+ return -EINVAL;
}
return i;
}
@@ -1799,10 +1799,12 @@ static int ni_usb_init(struct gpib_board *board)
return -ENOMEM;

writes_len = ni_usb_setup_init(board, writes);
- if (writes_len)
- retval = ni_usb_write_registers(ni_priv, writes, writes_len, &ibsta);
- else
- return -EFAULT;
+ if (writes_len < 0) {
+ kfree(writes);
+ return writes_len;
+ }
+
+ retval = ni_usb_write_registers(ni_priv, writes, writes_len, &ibsta);
kfree(writes);
if (retval) {
dev_err(&usb_dev->dev, "register write failed, retval=%i\n", retval);
--
2.34.1

Next message: Turritopsis Dohrnii Teo En Ming: "Linux Kernel 6.19-rc3 Released With A Holiday's Week Of Fixes"
Previous message: SeongJae Park: "Re: [PATCH] mm/damon/core: remove call_control in inactive contexts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]