* [PATCH v2 0/2] usb: gadget: Fix two memleaks in error handling
@ 2020-11-17 2:16 Zhang Qilong
2020-11-17 2:16 ` [PATCH v2 1/2] usb: gadget: f_midi: Fix memleak in f_midi_alloc Zhang Qilong
2020-11-17 2:16 ` [PATCH v2 2/2] usb: gadget: Fix memleak in gadgetfs_fill_super Zhang Qilong
0 siblings, 2 replies; 4+ messages in thread
From: Zhang Qilong @ 2020-11-17 2:16 UTC (permalink / raw)
To: peter.chen, balbi, gregkh, sergei.shtylyov; +Cc: linux-usb
This patch sets fix two memleaks before error returns.
---
Changelog:
v2
- add midi_free label in f_midi_alloc and use kfree in
gadgetfs_fill_super.
Zhang Qilong (2):
usb: gadget: f_midi: Fix memleak in f_midi_alloc
usb: gadget: Fix memleak in gadgetfs_fill_super
drivers/usb/gadget/function/f_midi.c | 10 +++++++---
drivers/usb/gadget/legacy/inode.c | 3 +++
2 files changed, 10 insertions(+), 3 deletions(-)
--
2.25.4
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2 1/2] usb: gadget: f_midi: Fix memleak in f_midi_alloc
2020-11-17 2:16 [PATCH v2 0/2] usb: gadget: Fix two memleaks in error handling Zhang Qilong
@ 2020-11-17 2:16 ` Zhang Qilong
2020-11-17 2:16 ` [PATCH v2 2/2] usb: gadget: Fix memleak in gadgetfs_fill_super Zhang Qilong
1 sibling, 0 replies; 4+ messages in thread
From: Zhang Qilong @ 2020-11-17 2:16 UTC (permalink / raw)
To: peter.chen, balbi, gregkh, sergei.shtylyov; +Cc: linux-usb
In the error path, if midi is not null, we should
free the midi->id if necessary to prevent memleak.
Fixes: b85e9de9e818d ("usb: gadget: f_midi: convert to new function interface with backward compatibility")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
---
Changelog:
v2
- add midi_free label and fix description.
---
drivers/usb/gadget/function/f_midi.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c
index 85cb15734aa8..19d97940eeb9 100644
--- a/drivers/usb/gadget/function/f_midi.c
+++ b/drivers/usb/gadget/function/f_midi.c
@@ -1315,7 +1315,7 @@ static struct usb_function *f_midi_alloc(struct usb_function_instance *fi)
midi->id = kstrdup(opts->id, GFP_KERNEL);
if (opts->id && !midi->id) {
status = -ENOMEM;
- goto setup_fail;
+ goto midi_free;
}
midi->in_ports = opts->in_ports;
midi->out_ports = opts->out_ports;
@@ -1327,7 +1327,7 @@ static struct usb_function *f_midi_alloc(struct usb_function_instance *fi)
status = kfifo_alloc(&midi->in_req_fifo, midi->qlen, GFP_KERNEL);
if (status)
- goto setup_fail;
+ goto midi_free;
spin_lock_init(&midi->transmit_lock);
@@ -1343,9 +1343,13 @@ static struct usb_function *f_midi_alloc(struct usb_function_instance *fi)
return &midi->func;
+midi_free:
+ if (midi)
+ kfree(midi->id);
+ kfree(midi);
setup_fail:
mutex_unlock(&opts->lock);
- kfree(midi);
+
return ERR_PTR(status);
}
--
2.25.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 2/2] usb: gadget: Fix memleak in gadgetfs_fill_super
2020-11-17 2:16 [PATCH v2 0/2] usb: gadget: Fix two memleaks in error handling Zhang Qilong
2020-11-17 2:16 ` [PATCH v2 1/2] usb: gadget: f_midi: Fix memleak in f_midi_alloc Zhang Qilong
@ 2020-11-17 2:16 ` Zhang Qilong
2020-11-19 15:50 ` Alan Stern
1 sibling, 1 reply; 4+ messages in thread
From: Zhang Qilong @ 2020-11-17 2:16 UTC (permalink / raw)
To: peter.chen, balbi, gregkh, sergei.shtylyov; +Cc: linux-usb
usb_get_gadget_udc_name will alloc memory for CHIP
in "Enomem" branch. we should free it before error
returns to prevent memleak.
Fixes: 175f712119c57 ("usb: gadget: provide interface for legacy gadgets to get UDC name")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
---
Changelog:
v2
- replace free with kfree.
---
drivers/usb/gadget/legacy/inode.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
index 1b430b36d0a6..71e7d10dd76b 100644
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -2039,6 +2039,9 @@ gadgetfs_fill_super (struct super_block *sb, struct fs_context *fc)
return 0;
Enomem:
+ kfree(CHIP);
+ CHIP = NULL;
+
return -ENOMEM;
}
--
2.25.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2 2/2] usb: gadget: Fix memleak in gadgetfs_fill_super
2020-11-17 2:16 ` [PATCH v2 2/2] usb: gadget: Fix memleak in gadgetfs_fill_super Zhang Qilong
@ 2020-11-19 15:50 ` Alan Stern
0 siblings, 0 replies; 4+ messages in thread
From: Alan Stern @ 2020-11-19 15:50 UTC (permalink / raw)
To: Zhang Qilong; +Cc: peter.chen, balbi, gregkh, sergei.shtylyov, linux-usb
On Tue, Nov 17, 2020 at 10:16:29AM +0800, Zhang Qilong wrote:
> usb_get_gadget_udc_name will alloc memory for CHIP
> in "Enomem" branch. we should free it before error
> returns to prevent memleak.
>
> Fixes: 175f712119c57 ("usb: gadget: provide interface for legacy gadgets to get UDC name")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
> ---
Acked-by: Alan Stern <stern@rowland.harvard.edu>
> Changelog:
> v2
> - replace free with kfree.
> ---
> drivers/usb/gadget/legacy/inode.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
> index 1b430b36d0a6..71e7d10dd76b 100644
> --- a/drivers/usb/gadget/legacy/inode.c
> +++ b/drivers/usb/gadget/legacy/inode.c
> @@ -2039,6 +2039,9 @@ gadgetfs_fill_super (struct super_block *sb, struct fs_context *fc)
> return 0;
>
> Enomem:
> + kfree(CHIP);
> + CHIP = NULL;
> +
> return -ENOMEM;
> }
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-11-19 15:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-17 2:16 [PATCH v2 0/2] usb: gadget: Fix two memleaks in error handling Zhang Qilong
2020-11-17 2:16 ` [PATCH v2 1/2] usb: gadget: f_midi: Fix memleak in f_midi_alloc Zhang Qilong
2020-11-17 2:16 ` [PATCH v2 2/2] usb: gadget: Fix memleak in gadgetfs_fill_super Zhang Qilong
2020-11-19 15:50 ` Alan Stern
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).