From: Kees Cook
Date: Fri, 15 Jun 2018 09:47:16 -0700
Subject: Re: [PATCH v2] staging: rtl8192u: add error handling for usb_alloc_urb
To: Greg Kroah-Hartman
Cc: Zhouyang Jia, devel@driverdev.osuosl.org, LKML, Jia-Ju Bai, Christophe JAILLET, Shreeya Patel, Colin Ian King
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jun 15, 2018 at 9:33 AM, Greg Kroah-Hartman wrote:
> On Sat, Jun 16, 2018 at 12:25:23AM +0800, Zhouyang Jia wrote:
>> When usb_alloc_urb fails, the lack of error-handling code may
>> cause unexpected results.
>>
>> This patch adds error-handling code after calling usb_alloc_urb.
>>
>> Signed-off-by: Zhouyang Jia
>> ---
>> v1->v2:
>> - Fix memory leak.
>> ---
>> drivers/staging/rtl8192u/r8192U_core.c | 18 +++++++++++++++---
>> 1 file changed, 15 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
>> index 7a0dbc0..6afab4e 100644
>> --- a/drivers/staging/rtl8192u/r8192U_core.c
>> +++ b/drivers/staging/rtl8192u/r8192U_core.c
>> @@ -1648,13 +1648,17 @@ static short rtl8192_usb_initendpoints(struct net_device *dev)
>> #ifndef JACKSON_NEW_RX
>> for (i = 0; i < (MAX_RX_URB + 1); i++) {
>> priv->rx_urb[i] = usb_alloc_urb(0, GFP_KERNEL);
>> - if (!priv->rx_urb[i])
>> + if (!priv->rx_urb[i]) {
>> + kfree(priv->rx_urb);

You're freeing rx_urb, which holds all the pointers to allocated
memory. You'll need to free each item of the array before freeing the
array itself:

    for (i = 0; i < (MAX_RX_URB + 1); i++)
        kfree(priv->rx_urb[i]);
    kfree(priv->rx_urb);

I think you need some kind of helper to do this, and you can call into
it from your error paths...

-Kees

> {sigh}
>
> No, you are still leaking memory on all of these changes that you just
> made :(
>
> greg k-h

--
Kees Cook
Pixel Security
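
Review bot: In the rx_urb loop of rtl8192_usb_initendpoints(), the new failure branch calls kfree(priv->rx_urb) on the pointer array only, so every URB that usb_alloc_urb() returned on an earlier iteration (indices 0 to i-1) is leaked once the array holding those pointers is gone. Release the entries before the array, for example `while (i--) usb_free_urb(priv->rx_urb[i]);` followed by `kfree(priv->rx_urb);`, using usb_free_urb() because that is the release counterpart of usb_alloc_urb(). The diffstat shows 15 insertions in this function, so the unwind is better placed in one helper or goto label that each added error path jumps to than repeated per branch.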