lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87fu061ch2.fsf@linux.intel.com>
Date:   Thu, 26 Jul 2018 14:08:09 +0300
From:   Felipe Balbi <balbi@...nel.org>
To:     Xidong Wang <wangxidong_97@....com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Johan Hovold <johan@...nel.org>,
        Michal Nazarewicz <mina86@...a86.com>,
        Vincent Pelletier <plr.vincent@...il.com>
Cc:     wangxidong_97@....com, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] usb:gadget:function:fix memory leak


hi,

Xidong Wang <wangxidong_97@....com> writes:
> In function f_audio_set_alt(), the memory allocated by
> usb_ep_alloc_request() is not released on the error path
> that req->buf, which holds the return value of kzalloc(),
> is NULL. This will result in a memory leak bug.
>
> Signed-off-by: Xidong Wang <wangxidong_97@....com>
> ---
>  drivers/usb/gadget/function/f_uac1_legacy.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/gadget/function/f_uac1_legacy.c b/drivers/usb/gadget/function/f_uac1_legacy.c
> index 24c086b..2fcdade 100644
> --- a/drivers/usb/gadget/function/f_uac1_legacy.c
> +++ b/drivers/usb/gadget/function/f_uac1_legacy.c
> @@ -630,8 +630,11 @@ static int f_audio_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
>  							ERROR(cdev,
>  							"%s queue req: %d\n",
>  							out_ep->name, err);
> -					} else
> +					} else {
> +						usb_ep_free_request(
> +							out_ep, req);
>  						err = -ENOMEM;
> +					}

I feel like this hunk has been ping ponging between having
usb_ep_free_request() and not having it because completion callback will
call usb_ep_free_request() or something along those lines.

Can we get a final solution that solves all cases and doesn't introduce
other bugs?

-- 
balbi

Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ