From: Takashi Iwai <tiwai@suse.de>
To: alsa-devel@alsa-project.org
Subject: [PATCH 06/11] ALSA: usx2y: Fix potential memory leaks
Date: Mon, 17 May 2021 15:15:40 +0200 [thread overview]
Message-ID: <20210517131545.27252-7-tiwai@suse.de> (raw)
In-Reply-To: <20210517131545.27252-1-tiwai@suse.de>
Theoretically the initialization functions in usx2y drivers may be
called multiple times as the driver gets initialized via hwpdep
ioctl. Meanwhile, those functions including memory allocations don't
check whether they are called twice, and they forget the old
resources, which would lead to memory leaks.
This patch adds the sanity checks about the doubly initializations to
give kernel WARNING, and returns an error in such a case. Also, each
allocation assures to release the resources at its error path
properly.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
sound/usb/usx2y/usbusx2y.c | 39 ++++++++++++++++++++++++++++++++------
1 file changed, 33 insertions(+), 6 deletions(-)
diff --git a/sound/usb/usx2y/usbusx2y.c b/sound/usb/usx2y/usbusx2y.c
index 25e04a0ff97b..d2e1cf163521 100644
--- a/sound/usb/usx2y/usbusx2y.c
+++ b/sound/usb/usx2y/usbusx2y.c
@@ -150,6 +150,7 @@ static int snd_usx2y_card_used[SNDRV_CARDS];
static void usx2y_usb_disconnect(struct usb_device *usb_device, void *ptr);
static void snd_usx2y_card_private_free(struct snd_card *card);
+static void usx2y_unlinkseq(struct snd_usx2y_async_seq *s);
/*
* pipe 4 is used for switching the lamps, setting samplerate, volumes ....
@@ -252,6 +253,9 @@ int usx2y_async_seq04_init(struct usx2ydev *usx2y)
{
int err = 0, i;
+ if (WARN_ON(usx2y->as04.buffer))
+ return -EBUSY;
+
usx2y->as04.buffer = kmalloc_array(URBS_ASYNC_SEQ,
URB_DATA_LEN_ASYNC_SEQ, GFP_KERNEL);
if (!usx2y->as04.buffer) {
@@ -272,27 +276,47 @@ int usx2y_async_seq04_init(struct usx2ydev *usx2y)
break;
}
}
+ if (err)
+ usx2y_unlinkseq(&usx2y->as04);
return err;
}
int usx2y_in04_init(struct usx2ydev *usx2y)
{
+ int err;
+
+ if (WARN_ON(usx2y->in04_urb))
+ return -EBUSY;
+
usx2y->in04_urb = usb_alloc_urb(0, GFP_KERNEL);
- if (!usx2y->in04_urb)
- return -ENOMEM;
+ if (!usx2y->in04_urb) {
+ err = -ENOMEM;
+ goto error;
+ }
usx2y->in04_buf = kmalloc(21, GFP_KERNEL);
- if (!usx2y->in04_buf)
- return -ENOMEM;
+ if (!usx2y->in04_buf) {
+ err = -ENOMEM;
+ goto error;
+ }
init_waitqueue_head(&usx2y->in04_wait_queue);
usb_fill_int_urb(usx2y->in04_urb, usx2y->dev, usb_rcvintpipe(usx2y->dev, 0x4),
usx2y->in04_buf, 21,
i_usx2y_in04_int, usx2y,
10);
- if (usb_urb_ep_type_check(usx2y->in04_urb))
- return -EINVAL;
+ if (usb_urb_ep_type_check(usx2y->in04_urb)) {
+ err = -EINVAL;
+ goto error;
+ }
return usb_submit_urb(usx2y->in04_urb, GFP_KERNEL);
+
+ error:
+ kfree(usx2y->in04_buf);
+ usb_free_urb(usx2y->in04_urb);
+ usx2y->in04_buf = NULL;
+ usx2y->in04_urb = NULL;
+ return err;
}
static void usx2y_unlinkseq(struct snd_usx2y_async_seq *s)
@@ -300,11 +324,14 @@ static void usx2y_unlinkseq(struct snd_usx2y_async_seq *s)
int i;
for (i = 0; i < URBS_ASYNC_SEQ; ++i) {
+ if (!s->urb[i])
+ continue;
usb_kill_urb(s->urb[i]);
usb_free_urb(s->urb[i]);
s->urb[i] = NULL;
}
kfree(s->buffer);
+ s->buffer = NULL;
}
static const struct usb_device_id snd_usx2y_usb_id_table[] = {
--
2.26.2
next prev parent reply other threads:[~2021-05-17 13:19 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-17 13:15 [PATCH 00/11] ALSA: usx2y: Fixes and cleanups Takashi Iwai
2021-05-17 13:15 ` [PATCH 01/11] ALSA: usx2y: Avoid camelCase Takashi Iwai
2021-05-17 13:15 ` [PATCH 02/11] ALSA: usx2y: Fix spaces Takashi Iwai
2021-05-17 13:15 ` [PATCH 03/11] ALSA: usx2y: Coding style fixes Takashi Iwai
2021-05-17 13:15 ` [PATCH 04/11] ALSA: usx2y: Fix potential leaks of uninitialized memory Takashi Iwai
2021-05-17 13:15 ` [PATCH 05/11] ALSA: usx2y: Avoid self-killing Takashi Iwai
2021-05-17 13:15 ` Takashi Iwai [this message]
2021-05-17 13:15 ` [PATCH 07/11] ALSA: usxy2: Fix potential doubly allocations Takashi Iwai
2021-05-17 13:15 ` [PATCH 08/11] ALSA: usx2y: Fix shmem initialization Takashi Iwai
2021-05-17 13:15 ` [PATCH 09/11] ALSA: usx2y: Don't call free_pages_exact() with NULL address Takashi Iwai
2021-05-17 13:15 ` [PATCH 10/11] ALSA: usx2y: Cleanup probe and disconnect callbacks Takashi Iwai
2021-05-17 13:15 ` [PATCH 11/11] ALSA: usx2y: Nuke pcm_list Takashi Iwai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210517131545.27252-7-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=alsa-devel@alsa-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.