Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751355AbdIWK6U (ORCPT ); Sat, 23 Sep 2017 06:58:20 -0400 Received: from mout.kundenserver.de ([212.227.126.130]:52478 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750766AbdIWK6S (ORCPT ); Sat, 23 Sep 2017 06:58:18 -0400 Date: Sat, 23 Sep 2017 12:57:33 +0200 (CEST) From: Stefan Wahren To: Greg Kroah-Hartman Cc: Aishwarya Pant , Phil Elwell , Eric Anholt , linux-kernel@vger.kernel.org, devel@driverdev.osuosl.org, Dan Carpenter , linux-rpi-kernel@lists.infradead.org Message-ID: <1488620757.209623.1506164253450@email.1und1.de> In-Reply-To: <1502446827-86427-1-git-send-email-phil@raspberrypi.org> References: <1502446827-86427-1-git-send-email-phil@raspberrypi.org> Subject: Re: [PATCH v2] staging: bcm2835-audio: Fix memory corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Priority: 3 Importance: Medium X-Mailer: Open-Xchange Mailer v7.8.3-Rev33 X-Originating-Client: open-xchange-appsuite X-Provags-ID: V03:K0:jMsRKYwOw/VAmO1GIH/FBdNRBXozLItymSGYz2D1PvAflD6NGFp ZpvuTtmLM9u38Q/rnehfxPztHK1acf3rCuE7YNwfkO3wturjktCpeelIkRuWC+tQzJGObpZ RkEFBHbMduwaAvCXkGB+1OnnhWAxA/k/jfG9bMO6sVnWxZsbW5nABz6DnvP7vmzHpZQ8mdM CtVknHZSSJTudJUS4Ro1g== X-UI-Out-Filterresults: notjunk:1;V01:K0:Jazi46yDALY=:MJWX7TKjm4j2UxW2VgGWvZ /JaWRNrxlx+pWOsQTqjtb4QnDXyidy4cAVcnzBUEsjwnwY/eV+BcxqRPJQrQkhpn/Ly1Sa6rw HCiAy3I1qybO0nfXDKZF7xD/McsnZbDAoEluemLrYRNSw6SEDaGGPlcuIsumjzGQj0UWe30+9 V0maKn9AzYibrXInYdHspmxW80xsi3FLXsE6RG3eXZHKQ2jao99dNXru0tsJLto8g8X6n+Jfa 30RtPWRatJjKzRdQDnGtcsd9ojQbhCWMkDmsPPUc49BsfNC4kew+/KYLD+FA4qDNzDhYvdM1o fNDY8wWZRyLEF52yaaZ+GTwS3FGBSMofpfw2bODu4kTQkzlQcKnnJwPQr49P0k0ZyrLD8riQS w141HHYi5E2O97z+M3QZdheOgycKy6pUEW0PTLi9exLZVbbP7+1wRTU/HEMdvvw2jVZyiM3sQ IY2swmbVgJI9vAOqMO1qfroVBsLpGnQkZx/nnrVbsXgUxFdh1/KFau2bDZQ0g/vGJesVYOzWI WgfWnYnzY3zoCcfY8ouii8zCS7Gfl1lj38zcZKrfFSRZdY7kjK4c+qtSdaEdW3o27h9yCR/eW UUkKpIZdFk8jQwubiPre0kp7CEU4I8Op6U4lIiJfnRgFZAYEMmtBA4Pa7meOdj8VWlbLiIzF0 ISMfjX+kJrj0Kpi1x7YJnVmMqjLNnFzXSRmD2CYbF5kKs7Mp8P2bme09xlxXL9mxTOq6UmIO7 sANs1G/nXcWjZHaiugnl51FJzv9a9ayap+l53FYEUQJ9BxDS/0E0a9JjsNg= Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2791 Lines: 86 Hi Greg, > Phil Elwell hat am 11. August 2017 um 12:20 geschrieben: > > > The previous commit (0adbfd46) fixed a memory leak but also freed a > block in the success case, causing a stale pointer to be used with > potentially fatal results. Only free the vchi_instance block in the > case that vchi_connect fails; once connected, the instance is > retained for subsequent connections. > > Simplifying the code by removing a bunch of gotos and returning errors > directly. > > Signed-off-by: Phil Elwell > Fixes: 0adbfd4694c2 ("staging: bcm2835-audio: fix memory leak in bcm2835_audio_open_connection()") can you still apply this patch or do you need a resend? > --- > [Resend with v2 in subject] > v2: Simplified following feedback from Dan Carpenter. > --- > .../vc04_services/bcm2835-audio/bcm2835-vchiq.c | 19 +++++++------------ > 1 file changed, 7 insertions(+), 12 deletions(-) > > diff --git a/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c b/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c > index 5f3d8f2..4be864d 100644 > --- a/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c > +++ b/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c > @@ -390,8 +390,7 @@ static int bcm2835_audio_open_connection(struct bcm2835_alsa_stream *alsa_stream > __func__, instance); > instance->alsa_stream = alsa_stream; > alsa_stream->instance = instance; > - ret = 0; // xxx todo -1; > - goto err_free_mem; > + return 0; > } > > /* Initialize and create a VCHI connection */ > @@ -401,16 +400,15 @@ static int bcm2835_audio_open_connection(struct bcm2835_alsa_stream *alsa_stream > LOG_ERR("%s: failed to initialise VCHI instance (ret=%d)\n", > __func__, ret); > > - ret = -EIO; > - goto err_free_mem; > + return -EIO; > } > ret = vchi_connect(NULL, 0, vchi_instance); > if (ret) { > LOG_ERR("%s: failed to connect VCHI instance (ret=%d)\n", > __func__, ret); > > - ret = -EIO; > - goto err_free_mem; > + kfree(vchi_instance); > + return -EIO; > } > initted = 1; > } > @@ -421,19 +419,16 @@ static int bcm2835_audio_open_connection(struct bcm2835_alsa_stream *alsa_stream > if (IS_ERR(instance)) { > LOG_ERR("%s: failed to initialize audio service\n", __func__); > > - ret = PTR_ERR(instance); > - goto err_free_mem; > + /* vchi_instance is retained for use the next time. */ > + return PTR_ERR(instance); > } > > instance->alsa_stream = alsa_stream; > alsa_stream->instance = instance; > > LOG_DBG(" success !\n"); > - ret = 0; > -err_free_mem: > - kfree(vchi_instance); > > - return ret; > + return 0; > } > > int bcm2835_audio_open(struct bcm2835_alsa_stream *alsa_stream) > -- > 1.9.1 >