From: Takashi Iwai <tiwai@suse.de> To: Navid Emamdoost <navid.emamdoost@gmail.com> Cc: Navid Emamdoost <emamd001@umn.edu>, Kangjie Lu <kjlu@umn.edu>, Stephen McCamant <smccaman@umn.edu>, Clemens Ladisch <clemens@ladisch.de>, Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>, alsa-devel@alsa-project.org, LKML <linux-kernel@vger.kernel.org> Subject: Re: [PATCH] ALSA: usb-audio: Fix memory leak in __snd_usbmidi_create Date: Mon, 28 Oct 2019 17:38:37 +0100 [thread overview] Message-ID: <s5hy2x4u8oi.wl-tiwai@suse.de> (raw) In-Reply-To: <CAEkB2ESwKEQYQx75BnaHf4aUQHObx4jf0hreQx_KTeZ+QCjL4g@mail.gmail.com> On Mon, 28 Oct 2019 17:25:41 +0100, Navid Emamdoost wrote: > > Thanks for the explanation, > > On Mon, Oct 28, 2019 at 1:27 AM Takashi Iwai <tiwai@suse.de> wrote: > > > > On Sun, 27 Oct 2019 23:10:06 +0100, > > Navid Emamdoost wrote: > > > > > > In the implementation of __snd_usbmidi_create() there is a memory leak > > > caused by incorrect goto destination. Go to free_midi if > > > snd_usbmidi_create_endpoints_midiman() or snd_usbmidi_create_endpoints() > > > fail. > > > > No, this will lead to double-free. After registering the rawmidi > > interface at snd_usbmidi_create_rawmidi(), the common destructor will > > be called via rawmidi private_free callback, and this will release the > > all resources already. > Now I can see how rawmidi private_free is set up to release the > resources, but what concerns me is that at the moment of endpoint/port > creation umidi is not yet added to the midi_list. > In other words, what I see is that we still have just one local > pointer to umidi if any of snd_usbmidi_create_endpoint* fail. > Am I missing something? The rawmidi object that is created via snd_rawmidi_new() is managed via snd_device list, and it's traversed at snd_card_disconnect() and snd_card_free() calls. It's something like devm-stuff (but implemented in a different way). The midi_list is an explicit list for the USB MIDI driver, and it's an individual one from the device list. Takashi > > > > > > > > thanks, > > > > Takashi > > > > > > > > Fixes: 731209cc0417 ("ALSA: usb-midi: Use common error handling code in __snd_usbmidi_create()") > > > Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> > > > --- > > > sound/usb/midi.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/sound/usb/midi.c b/sound/usb/midi.c > > > index b737f0ec77d0..22db37fbfbbd 100644 > > > --- a/sound/usb/midi.c > > > +++ b/sound/usb/midi.c > > > @@ -2476,7 +2476,7 @@ int __snd_usbmidi_create(struct snd_card *card, > > > else > > > err = snd_usbmidi_create_endpoints(umidi, endpoints); > > > if (err < 0) > > > - goto exit; > > > + goto free_midi; > > > > > > usb_autopm_get_interface_no_resume(umidi->iface); > > > > > > -- > > > 2.17.1 > > > > > > > -- > Navid. >
WARNING: multiple messages have this Message-ID (diff)
From: Takashi Iwai <tiwai@suse.de> To: Navid Emamdoost <navid.emamdoost@gmail.com> Cc: alsa-devel@alsa-project.org, Kangjie Lu <kjlu@umn.edu>, Clemens Ladisch <clemens@ladisch.de>, Takashi Iwai <tiwai@suse.com>, Navid Emamdoost <emamd001@umn.edu>, Stephen McCamant <smccaman@umn.edu>, LKML <linux-kernel@vger.kernel.org> Subject: Re: [alsa-devel] [PATCH] ALSA: usb-audio: Fix memory leak in __snd_usbmidi_create Date: Mon, 28 Oct 2019 17:38:37 +0100 [thread overview] Message-ID: <s5hy2x4u8oi.wl-tiwai@suse.de> (raw) In-Reply-To: <CAEkB2ESwKEQYQx75BnaHf4aUQHObx4jf0hreQx_KTeZ+QCjL4g@mail.gmail.com> On Mon, 28 Oct 2019 17:25:41 +0100, Navid Emamdoost wrote: > > Thanks for the explanation, > > On Mon, Oct 28, 2019 at 1:27 AM Takashi Iwai <tiwai@suse.de> wrote: > > > > On Sun, 27 Oct 2019 23:10:06 +0100, > > Navid Emamdoost wrote: > > > > > > In the implementation of __snd_usbmidi_create() there is a memory leak > > > caused by incorrect goto destination. Go to free_midi if > > > snd_usbmidi_create_endpoints_midiman() or snd_usbmidi_create_endpoints() > > > fail. > > > > No, this will lead to double-free. After registering the rawmidi > > interface at snd_usbmidi_create_rawmidi(), the common destructor will > > be called via rawmidi private_free callback, and this will release the > > all resources already. > Now I can see how rawmidi private_free is set up to release the > resources, but what concerns me is that at the moment of endpoint/port > creation umidi is not yet added to the midi_list. > In other words, what I see is that we still have just one local > pointer to umidi if any of snd_usbmidi_create_endpoint* fail. > Am I missing something? The rawmidi object that is created via snd_rawmidi_new() is managed via snd_device list, and it's traversed at snd_card_disconnect() and snd_card_free() calls. It's something like devm-stuff (but implemented in a different way). The midi_list is an explicit list for the USB MIDI driver, and it's an individual one from the device list. Takashi > > > > > > > > thanks, > > > > Takashi > > > > > > > > Fixes: 731209cc0417 ("ALSA: usb-midi: Use common error handling code in __snd_usbmidi_create()") > > > Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> > > > --- > > > sound/usb/midi.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/sound/usb/midi.c b/sound/usb/midi.c > > > index b737f0ec77d0..22db37fbfbbd 100644 > > > --- a/sound/usb/midi.c > > > +++ b/sound/usb/midi.c > > > @@ -2476,7 +2476,7 @@ int __snd_usbmidi_create(struct snd_card *card, > > > else > > > err = snd_usbmidi_create_endpoints(umidi, endpoints); > > > if (err < 0) > > > - goto exit; > > > + goto free_midi; > > > > > > usb_autopm_get_interface_no_resume(umidi->iface); > > > > > > -- > > > 2.17.1 > > > > > > > -- > Navid. > _______________________________________________ Alsa-devel mailing list Alsa-devel@alsa-project.org https://mailman.alsa-project.org/mailman/listinfo/alsa-devel
next prev parent reply other threads:[~2019-10-28 16:38 UTC|newest] Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-10-27 22:10 [PATCH] ALSA: usb-audio: Fix memory leak in __snd_usbmidi_create Navid Emamdoost 2019-10-27 22:10 ` [alsa-devel] " Navid Emamdoost 2019-10-28 6:27 ` Takashi Iwai 2019-10-28 6:27 ` [alsa-devel] " Takashi Iwai 2019-10-28 16:25 ` Navid Emamdoost 2019-10-28 16:25 ` [alsa-devel] " Navid Emamdoost 2019-10-28 16:38 ` Takashi Iwai [this message] 2019-10-28 16:38 ` Takashi Iwai 2019-10-28 16:42 ` Navid Emamdoost 2019-10-28 16:42 ` [alsa-devel] " Navid Emamdoost 2019-10-28 16:38 ` Clemens Ladisch 2019-10-28 16:38 ` [alsa-devel] " Clemens Ladisch
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=s5hy2x4u8oi.wl-tiwai@suse.de \ --to=tiwai@suse.de \ --cc=alsa-devel@alsa-project.org \ --cc=clemens@ladisch.de \ --cc=emamd001@umn.edu \ --cc=kjlu@umn.edu \ --cc=linux-kernel@vger.kernel.org \ --cc=navid.emamdoost@gmail.com \ --cc=perex@perex.cz \ --cc=smccaman@umn.edu \ --cc=tiwai@suse.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.