linux-kernel.vger.kernel.org archive mirror
From: Takashi Iwai <tiwai@suse.de>
To: Jaroslav Kysela <perex@perex.cz>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 37/69] ALSA: usx2y: check for failure of usb_alloc_urb()
Date: Tue, 04 May 2021 10:27:34 +0200
Message-ID: <s5hczu6rjih.wl-tiwai@suse.de>
In-Reply-To: <aa185e3d-981f-ca5a-ea40-d266e62b82fe@perex.cz>

On Mon, 03 May 2021 22:33:52 +0200,
Jaroslav Kysela wrote:
> 
> On 03. 05. 21 at 13:57, Greg Kroah-Hartman wrote:
> > While it is almost impossible to hit an error calling usb_alloc_urb(),
> > to make systems like syzbot which does error injection, and some static
> > analysis tools happy, properly handle errors on this path by unwinding
> > the previously allocated urbs and freeing them.
> 
> Perhaps I am missing something, but this revert, plus adding the cleanup in
> the wrong place, makes things worse:
> 
> The usb_stream_free() is called when init_urbs() fails (returns an error), so
> all urbs are freed there and pointers are reset to NULL. Your code frees urbs
> twice on an allocation error.
> 
> The reverted code does the job better.

Right, the suggested patch will cause the double-free, and the
reverted code is fine in this regard.

Anyway, the cleanup of this driver code is on my post-15.3 TODO
list.  So, Greg, could you drop the revert and the additional fix at
this round for usx2y driver?


Thanks!

Takashi

> 
> 						Jaroslav
> 
> > Cc: Takashi Iwai <tiwai@suse.de>
> > Cc: Jaroslav Kysela <perex@perex.cz>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
> >  sound/usb/usx2y/usb_stream.c | 21 +++++++++++++++++++--
> >  1 file changed, 19 insertions(+), 2 deletions(-)
> > 
> > diff --git a/sound/usb/usx2y/usb_stream.c b/sound/usb/usx2y/usb_stream.c
> > index 6bba17bf689a..1091ea96a29a 100644
> > --- a/sound/usb/usx2y/usb_stream.c
> > +++ b/sound/usb/usx2y/usb_stream.c
> > @@ -88,18 +88,35 @@ static int init_urbs(struct usb_stream_kernel *sk, unsigned use_packsize,
> >  					sizeof(struct usb_stream_packet) *
> >  					s->inpackets;
> >  	int			u;
> > +	int			i;
> > +	int			err = -ENOMEM;
> >  
> >  	for (u = 0; u < USB_STREAM_NURBS; ++u) {
> > +		sk->outurb[u] = NULL;
> >  		sk->inurb[u] = usb_alloc_urb(sk->n_o_ps, GFP_KERNEL);
> > +		if (!sk->inurb[u])
> > +			goto error;
> >  		sk->outurb[u] = usb_alloc_urb(sk->n_o_ps, GFP_KERNEL);
> > +		if (!sk->outurb[u])
> > +			goto error;
> >  	}
> > +	u--;
> >  
> >  	if (init_pipe_urbs(sk, use_packsize, sk->inurb, indata, dev, in_pipe) ||
> >  	    init_pipe_urbs(sk, use_packsize, sk->outurb, sk->write_page, dev,
> > -			   out_pipe))
> > -		return -EINVAL;
> > +			   out_pipe)) {
> > +		err = -EINVAL;
> > +		goto error;
> > +	}
> >  
> >  	return 0;
> > +
> > +error:
> > +	for (i = 0; i <= u; ++i) {
> > +		usb_free_urb(sk->inurb[i]);
> > +		usb_free_urb(sk->outurb[i]);
> > +	}
> > +	return err;
> >  
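Review bot: the unwind loop under `error:` calls usb_free_urb() on sk->inurb[i] and sk->outurb[i] but leaves the freed pointers in the arrays, so if the caller also tears the stream down after init_urbs() returns an error (the replies in this thread say usb_stream_free() does exactly that), every urb allocated before the failure is freed a second time. Either drop the local loop and only return the error code, so the one existing cleanup path owns the urbs, or set each slot to NULL right after freeing it. The same applies to the init_pipe_urbs() failure branch, which now also jumps to `error:` where it previously returned -EINVAL without freeing anything.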
> 
> -- 
> Jaroslav Kysela <perex@perex.cz>
> Linux Sound Maintainer; ALSA Project; Red Hat, Inc.
> 
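
A user-space C model of the double free discussed in this message, added here as an illustration and not code from the kernel or from anyone in the thread. It covers only the allocation-failure path; `NURBS`, `model_alloc()`, `model_free()`, `release()` and `double_frees()` are made-up names, the stream is assumed to start zeroed, and the caller-side cleanup follows the thread's description of usb_stream_free() (free every slot, then reset it to NULL).

```c
#include <string.h>
#define NURBS 4                        /* stand-in for USB_STREAM_NURBS */
enum unwind { CALLER_ONLY, LOCAL_STALE, LOCAL_CLEARED };
struct urb { int frees; };             /* model object, not the kernel's struct urb */
struct stream { struct urb *inurb[NURBS], *outurb[NURBS]; };
static struct urb pool[2 * NURBS];
static int calls, fail_at;             /* allocation number fail_at returns NULL */

static struct urb *model_alloc(void) { return calls == fail_at ? NULL : &pool[calls++]; }
static void model_free(struct urb *u) { if (u) u->frees++; }   /* NULL-safe, counts frees */

static void release(struct stream *s, int last, int clear)     /* free slots 0..last */
{
	for (int i = 0; i <= last; ++i) {
		model_free(s->inurb[i]);
		model_free(s->outurb[i]);
		if (clear)
			s->inurb[i] = s->outurb[i] = NULL;
	}
}

static int init_urbs(struct stream *s, enum unwind mode)
{
	int u;
	for (u = 0; u < NURBS; ++u) {
		s->outurb[u] = NULL;
		if (!(s->inurb[u] = model_alloc()) || !(s->outurb[u] = model_alloc()))
			goto error;
	}
	return 0;
error:
	if (mode != CALLER_ONLY)           /* local unwind, as in the quoted hunk */
		release(s, u, mode == LOCAL_CLEARED);
	return -1;
}

/* Run one failure scenario; return how many objects were freed more than once. */
int double_frees(int fail, enum unwind mode)
{
	struct stream s = {0};
	int n = 0;
	memset(pool, 0, sizeof(pool));
	calls = 0;
	fail_at = fail;
	if (init_urbs(&s, mode))
		release(&s, NURBS - 1, 1); /* caller cleanup: free all, reset to NULL */
	for (int i = 0; i < 2 * NURBS; ++i)
		n += pool[i].frees > 1;
	return n;
}
```

`LOCAL_STALE` mirrors the hunk's unwind; `CALLER_ONLY` and `LOCAL_CLEARED` are the two ways to keep a single owner for each pointer.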
