lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20100614223304.GB31069@kroah.com>
Date:	Mon, 14 Jun 2010 15:33:04 -0700
From:	Greg KH <greg@...ah.com>
To:	Axel Lin <axel.lin@...il.com>
Cc:	linux-kernel <linux-kernel@...r.kernel.org>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Matthew Garrett <mjg@...hat.com>,
	Anssi Hannula <anssi.hannula@...il.com>,
	Bernhard Rosenkraenzer <bero@...linux.org>,
	linux-usb@...r.kernel.org
Subject: Re: [PATCH] qcserial: fix a memory leak in qcprobe error path

On Tue, Jun 08, 2010 at 03:29:23PM +0800, Axel Lin wrote:
> In current implemtation, the "data" is not kfreed in qcprobe error path.
> This patch moves the memory allocation a little bit latter and only
> allocate memory when no error is detected in previous checking.

Yeah, but it's now pretty messy.

> --- a/drivers/usb/serial/qcserial.c
> +++ b/drivers/usb/serial/qcserial.c
> @@ -109,13 +109,6 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
>  	ifnum = intf->desc.bInterfaceNumber;
>  	dbg("This Interface = %d", ifnum);
>  
> -	data = serial->private = kzalloc(sizeof(struct usb_wwan_intf_private),
> -					 GFP_KERNEL);
> -	if (!data)
> -		return -ENOMEM;
> -
> -	spin_lock_init(&data->susp_lock);
> -

Moving this to the end is fine.

> @@ -140,7 +135,7 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
>  					retval);
>  				retval = -ENODEV;
>  			}
> -			return retval;
> +			goto out;

But this doesn't need to be changed, right?
Or this.

>  		}
>  		break;
>  
> @@ -156,17 +151,26 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
>  					retval);
>  				retval = -ENODEV;
>  			}
> -			return retval;
> +			goto out;

Or this?

>  		}
>  		break;
>  
>  	default:
>  		dev_err(&serial->dev->dev,
>  			"unknown number of interfaces: %d\n", nintf);
> -		return -ENODEV;

Hm. maybe.

>  	}
>  
> -	return retval;
> +out:
> +	if (retval)
> +		return retval;
> +
> +	data = serial->private = kzalloc(sizeof(struct usb_wwan_intf_private),
> +					 GFP_KERNEL);
> +	if (!data)
> +		return -ENOMEM;
> +
> +	spin_lock_init(&data->susp_lock);
> +	return 0;

I guess it's ok, I just don't like doing data initialization on the
"out" path, it's messy.

Care to neaten this up a bit more and resend it?  Perhaps just free the
memory on the error path instead of moving it later on?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ