2022-09-12 03:02:22

by Xiaoke Wang

[permalink] [raw]
Subject: [PATCH v5] staging: r8188eu: add kfree() on an error path of rtw_xmit_resource_alloc()

From: Xiaoke Wang <[email protected]>

In rtw_xmit_resource_alloc(), if usb_alloc_urb() fails, then the memory
`pxmitbuf->pallocated_buf` which is allocated by kzalloc() is not properly
released before returning.
So this patch adds kfree() on the above error path to release it in time.

Tested-by: Philipp Hortmann <[email protected]> # Edimax N150
Signed-off-by: Xiaoke Wang <[email protected]>
---
ChangeLog:
v1->v2 update the description.
v2->v3 rebase.
v3->v4 update the description.
v4->v5 rebase and update the corresponding subject and description.
Note that the original function name was changed, so the subject of this
patch is updated from "[PATCH v4] staging: r8188eu: fix potential memory
leak in rtw_os_xmit_resource_alloc()" to "[PATCH v5] staging: r8188eu: add
kfree() on an error path of rtw_xmit_resource_alloc()".
In addition, thanks to Philipp Hortmann for his testing and advice.
drivers/staging/r8188eu/core/rtw_xmit.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c
index 67f9c05..9c39d08 100644
--- a/drivers/staging/r8188eu/core/rtw_xmit.c
+++ b/drivers/staging/r8188eu/core/rtw_xmit.c
@@ -44,8 +44,10 @@ static int rtw_xmit_resource_alloc(struct adapter *padapter, struct xmit_buf *px
pxmitbuf->dma_transfer_addr = 0;

pxmitbuf->pxmit_urb = usb_alloc_urb(0, GFP_KERNEL);
- if (!pxmitbuf->pxmit_urb)
+ if (!pxmitbuf->pxmit_urb) {
+ kfree(pxmitbuf->pallocated_buf);
return _FAIL;
+ }

return _SUCCESS;
}
--


2022-09-12 08:28:23

by Martin Kaiser

[permalink] [raw]
Subject: Re: [PATCH v5] staging: r8188eu: add kfree() on an error path of rtw_xmit_resource_alloc()

Thus wrote [email protected] ([email protected]):

> From: Xiaoke Wang <[email protected]>

> In rtw_xmit_resource_alloc(), if usb_alloc_urb() fails, then the memory
> `pxmitbuf->pallocated_buf` which is allocated by kzalloc() is not properly
> released before returning.
> So this patch adds kfree() on the above error path to release it in time.

> Tested-by: Philipp Hortmann <[email protected]> # Edimax N150
> Signed-off-by: Xiaoke Wang <[email protected]>
> ---
> ChangeLog:
> v1->v2 update the description.
> v2->v3 rebase.
> v3->v4 update the description.
> v4->v5 rebase and update the corresponding subject and description.
> Note that the original function name was changed, so the subject of this
> patch is updated from "[PATCH v4] staging: r8188eu: fix potential memory
> leak in rtw_os_xmit_resource_alloc()" to "[PATCH v5] staging: r8188eu: add
> kfree() on an error path of rtw_xmit_resource_alloc()".
> In addition, thanks to Philipp Hortmann for his testing and advice.
> drivers/staging/r8188eu/core/rtw_xmit.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)

> diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c
> index 67f9c05..9c39d08 100644
> --- a/drivers/staging/r8188eu/core/rtw_xmit.c
> +++ b/drivers/staging/r8188eu/core/rtw_xmit.c
> @@ -44,8 +44,10 @@ static int rtw_xmit_resource_alloc(struct adapter *padapter, struct xmit_buf *px
> pxmitbuf->dma_transfer_addr = 0;

> pxmitbuf->pxmit_urb = usb_alloc_urb(0, GFP_KERNEL);
> - if (!pxmitbuf->pxmit_urb)
> + if (!pxmitbuf->pxmit_urb) {
> + kfree(pxmitbuf->pallocated_buf);
> return _FAIL;
> + }

> return _SUCCESS;
> }
> --

Reviewed-by: Martin Kaiser <[email protected]>

2022-09-12 19:41:15

by Philipp Hortmann

[permalink] [raw]
Subject: Re: [PATCH v5] staging: r8188eu: add kfree() on an error path of rtw_xmit_resource_alloc()

On 9/12/22 04:50, [email protected] wrote:
> From: Xiaoke Wang <[email protected]>
>
> In rtw_xmit_resource_alloc(), if usb_alloc_urb() fails, then the memory
> `pxmitbuf->pallocated_buf` which is allocated by kzalloc() is not properly
> released before returning.
> So this patch adds kfree() on the above error path to release it in time.
>
> Tested-by: Philipp Hortmann <[email protected]> # Edimax N150
> Signed-off-by: Xiaoke Wang <[email protected]>
> ---
> ChangeLog:
> v1->v2 update the description.
> v2->v3 rebase.
> v3->v4 update the description.
> v4->v5 rebase and update the corresponding subject and description.
> Note that the original function name was changed, so the subject of this
> patch is updated from "[PATCH v4] staging: r8188eu: fix potential memory
> leak in rtw_os_xmit_resource_alloc()" to "[PATCH v5] staging: r8188eu: add
> kfree() on an error path of rtw_xmit_resource_alloc()".
> In addition, thanks to Philipp Hortmann for his testing and advice.
> drivers/staging/r8188eu/core/rtw_xmit.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c
> index 67f9c05..9c39d08 100644
> --- a/drivers/staging/r8188eu/core/rtw_xmit.c
> +++ b/drivers/staging/r8188eu/core/rtw_xmit.c
> @@ -44,8 +44,10 @@ static int rtw_xmit_resource_alloc(struct adapter *padapter, struct xmit_buf *px
> pxmitbuf->dma_transfer_addr = 0;
>
> pxmitbuf->pxmit_urb = usb_alloc_urb(0, GFP_KERNEL);
> - if (!pxmitbuf->pxmit_urb)
> + if (!pxmitbuf->pxmit_urb) {
> + kfree(pxmitbuf->pallocated_buf);
> return _FAIL;
> + }
>
> return _SUCCESS;
> }

Tested-by: Philipp Hortmann <[email protected]> # Edimax N150