From: Zhouyang Jia
Cc: Zhouyang Jia, Greg Kroah-Hartman, Christophe JAILLET, Shreeya Patel, Colin Ian King, Jia-Ju Bai, Kees Cook, devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: [PATCH v5] staging: rtl8192u: add error handling for usb_alloc_urb
Date: Sat, 16 Jun 2018 23:47:50 +0800
Message-Id: <1529164073-63349-1-git-send-email-jiazhouyang09@gmail.com>
In-Reply-To: <1528705874-34845-1-git-send-email-jiazhouyang09@gmail.com>

When usb_alloc_urb fails, the lack of error-handling code may cause
unexpected results.

This patch adds error-handling code after calling usb_alloc_urb, and
fixes memory leaks in error paths.

Signed-off-by: Zhouyang Jia
---
v1->v2:
- Fix memory leak.
v2->v3:
- Release memory in error path.
v3->v4:
- Use kcalloc instead of kmalloc_array.
v4->v5:
- Free priv->rx_urb[i]->transfer_buffer and priv->oldaddr.
---
 drivers/staging/rtl8192u/r8192U_core.c | 34 ++++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c index 7a0dbc0..9413f29 100644 --- a/drivers/staging/rtl8192u/r8192U_core.c +++ b/drivers/staging/rtl8192u/r8192U_core.c @@ -1639,8 +1639,9 @@ short rtl8192_tx(struct net_device *dev, struct sk_buff *skb) static short rtl8192_usb_initendpoints(struct net_device *dev) { struct r8192_priv *priv = ieee80211_priv(dev); + int i; - priv->rx_urb = kmalloc(sizeof(struct urb *) * (MAX_RX_URB + 1), + priv->rx_urb = kcalloc(MAX_RX_URB + 1, sizeof(struct urb *), GFP_KERNEL); if (!priv->rx_urb) return -ENOMEM; @@ -1649,12 +1650,12 @@ static short rtl8192_usb_initendpoints(struct net_device *dev) for (i = 0; i < (MAX_RX_URB + 1); i++) { priv->rx_urb[i] = usb_alloc_urb(0, GFP_KERNEL); if (!priv->rx_urb[i]) - return -ENOMEM; + goto out_release_urb; priv->rx_urb[i]->transfer_buffer = kmalloc(RX_URB_SIZE, GFP_KERNEL); if (!priv->rx_urb[i]->transfer_buffer) - return -ENOMEM; + goto out_release_urb; priv->rx_urb[i]->transfer_buffer_length = RX_URB_SIZE; } @@ -1666,9 +1667,13 @@ static short rtl8192_usb_initendpoints(struct net_device *dev) void *oldaddr, *newaddr; priv->rx_urb[16] = usb_alloc_urb(0, GFP_KERNEL); + if (!priv->rx_urb[16]) + goto out_release_urb; + priv->oldaddr = kmalloc(16, GFP_KERNEL); if (!priv->oldaddr) - return -ENOMEM; + goto out_release_urb; + oldaddr = priv->oldaddr; align = ((long)oldaddr) & 3; if (align) { 
@@ -1686,17 +1691,26 @@ static short rtl8192_usb_initendpoints(struct net_device *dev) priv->pp_rxskb = kcalloc(MAX_RX_URB, sizeof(struct sk_buff *), GFP_KERNEL); if (!priv->pp_rxskb) { - kfree(priv->rx_urb); - - priv->pp_rxskb = NULL; - priv->rx_urb = NULL; - DMESGE("Endpoint Alloc Failure"); - return -ENOMEM; + goto out_release_oldaddr; } netdev_dbg(dev, "End of initendpoints\n"); return 0; + +out_release_oldaddr: + kfree(priv->oldaddr); + +out_release_urb: + for (i = 0; i < (MAX_RX_URB + 1); i++) { + if (priv->rx_urb[i]) { + kfree(priv->rx_urb[i]->transfer_buffer); + kfree(priv->rx_urb[i]); + } + } + kfree(priv->rx_urb); + priv->rx_urb = NULL; + return -ENOMEM; } #ifdef THOMAS_BEACON -- 2.7.4
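Review bot: the switch to kcalloc() at the top of the @@ -1639 hunk is what makes the `if (priv->rx_urb[i])` test in the new cleanup loop valid, because after a mid-loop failure every slot past the failing index must read as NULL. The changelog records it only as "Use kcalloc instead of kmalloc_array", so please state in the commit message that the zeroing is required by the error path, so that nobody later swaps it back to a non-zeroing allocator.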
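Review bot: in the @@ -1666 hunk, a failure after `priv->oldaddr = kmalloc(16, GFP_KERNEL);` now ends in out_release_oldaddr, which frees priv->oldaddr and then falls through to the loop that calls kfree() on every rx_urb[i]->transfer_buffer, index 16 included. The context declares `newaddr` and computes an alignment on `oldaddr`, so if the code after `if (align) {` stores an address derived from priv->oldaddr in rx_urb[16]->transfer_buffer, that memory is freed twice, and possibly through an offset pointer that kmalloc never returned. Please check that path and, if it applies, clear rx_urb[16]->transfer_buffer before the loop runs or skip that slot's buffer in the loop. The hard-coded index 16 also only falls inside the cleanup loop's `MAX_RX_URB + 1` bound if MAX_RX_URB is at least 16, which is worth confirming.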
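Review bot: in the out_release_urb loop of the @@ -1686 hunk, `kfree(priv->rx_urb[i]);` releases an object that the allocation loop obtained from usb_alloc_urb(); urbs are reference-counted and should be released with usb_free_urb(priv->rx_urb[i]) instead. Smaller points in the same hunk: priv->oldaddr is freed under out_release_oldaddr but not reset to NULL the way priv->rx_urb is, which leaves a dangling pointer in priv for any later teardown code; the braces left around the single `goto out_release_oldaddr;` are no longer needed; and the DMESGE("Endpoint Alloc Failure") message is dropped without the commit message mentioning it.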