Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3331135yba;
        Sun, 28 Apr 2019 23:44:22 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzlgOQm4i9r++ypJA0oF4Cjmv+SsuxG5O0P5RrjCbTt1gO7m2a6QdW2ns5ptRZXtkk6CuR8
X-Received: by 2002:aa7:81cf:: with SMTP id c15mr10046020pfn.23.1556520262116;
        Sun, 28 Apr 2019 23:44:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556520262; cv=none;
        d=google.com; s=arc-20160816;
        b=z3Gj5FNf8w6bG+tw7VBjZB6w4qPkzelwzAkjlEx5GXCLOa0ja3T8dyCJBjYgW21Hmu
         Z0TvCT85JAvFIcyrpDJIs+cfTN3fRW4HWnrAgplNK+m46StCEEFDaMXM6N68f7jYv5Jc
         jpupzAnuwfeDlUMreQW4mAZOu/21GCMDwe3d/nhYSv5+M0e9n6jHxUaCIyA3jKWBZLNZ
         IlOSHZtVCwBaIjhcPkbmxBp1QXtrgeEbFnTr4ElMvf9p9X5tUPPEMAF3A6u066ZDlmEZ
         R7DaF0D4S90iwP0C+8VEOqJFkRzibk1aet3bQXlr6k1B2F5SnBC6LPIB72w6IWQYGVKh
         q7pA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:subject:cc:to:from:message-id:date;
        bh=HaT0CWZf/ohV9WnAIkef0iKd1yb/+VQY4F+MouJTjDY=;
        b=lRQ80RsFzblSRIK2s8wp2H+U+kqkK5sdQ6/uMd5Ox7XlCfVpJ/0tSSUIjio/W4e6Gq
         POHDVOXVQ1nmXC3Q2lQk2cRH6bjWSERz1A92EWxFgbHOuy9BtSRGQ5wtgRl0z73SMBFG
         JH53mEuCOPZYK+g5VDIwvvU1DcGjRlMjdcLivQE7cwFzW8+bg07zLM4zK2ZYsYNzSExo
         uFNuOyOa9DODk4gkFtsS7zBVwR9sVGyTgLzg0AtuE6sNSs9HYrnVMAv0msAuaH6rrwh1
         9hmOWIf7hvaHolCUz/E/w6JLJOy1SW7sfVuZZan/ACSyi7lCmJe/45ATJz/KvpA2mPZr
         YLGQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h7si30071741pgj.363.2019.04.28.23.44.07;
        Sun, 28 Apr 2019 23:44:22 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727484AbfD2Gmb (ORCPT <rfc822;patchstalker@gmail.com>
        + 99 others); Mon, 29 Apr 2019 02:42:31 -0400
Received: from mx2.suse.de ([195.135.220.15]:52612 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1727380AbfD2Gmb (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Apr 2019 02:42:31 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 5E7E2AE31;
        Mon, 29 Apr 2019 06:42:30 +0000 (UTC)
Date:   Mon, 29 Apr 2019 08:42:29 +0200
Message-ID: <s5h4l6hl3ca.wl-tiwai@suse.de>
From:   Takashi Iwai <tiwai@suse.de>
To:     Wenwen Wang <wang6495@umn.edu>
Cc:     "moderated list:SOUND" <alsa-devel@alsa-project.org>,
        Kees Cook <keescook@chromium.org>,
        Jaroslav Kysela <perex@perex.cz>,
        open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] ALSA: usx2y: fix a memory leak bug
In-Reply-To: <CAAa=b7f7MMJ=2PBxz8yYM6u2SX7T2-YnC37gbapc1f9HOPQdeA@mail.gmail.com>
References: <1556433754-3291-1-git-send-email-wang6495@umn.edu>
        <s5hd0l6mwbz.wl-tiwai@suse.de>
        <s5ha7g9l6ea.wl-tiwai@suse.de>
        <CAAa=b7f7MMJ=2PBxz8yYM6u2SX7T2-YnC37gbapc1f9HOPQdeA@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3
 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 29 Apr 2019 07:50:11 +0200,
Wenwen Wang wrote:
> 
> On Mon, Apr 29, 2019 at 12:36 AM Takashi Iwai <tiwai@suse.de> wrote:
> >
> > On Sun, 28 Apr 2019 09:18:40 +0200,
> > Takashi Iwai wrote:
> > >
> > > On Sun, 28 Apr 2019 08:42:32 +0200,
> > > Wenwen Wang wrote:
> > > >
> > > > In usX2Y_In04_init(), a new urb is firstly created through usb_alloc_urb()
> > > > and saved to 'usX2Y->In04urb'. Then, a buffer is allocated through
> > > > kmalloc() and saved to 'usX2Y->In04Buf'. After the urb is initialized, a
> > > > sanity check is performed for the endpoint in the urb by invoking
> > > > usb_urb_ep_type_check(). If the check fails, the error code EINVAL will be
> > > > returned. In that case, however, the created urb and the allocated buffer
> > > > are not freed, leading to memory leaks.
> > > >
> > > > To fix the above issue, free the urb and the buffer if the check fails.
> > > >
> > > > Signed-off-by: Wenwen Wang <wang6495@umn.edu>
> > >
> > > Applied now, thanks.
> >
> > ... and looking at the code again, this patch turned out to be wrong.
> > The in04 urb and transfer buffer are freed at card->private_free
> > callback (snd_usX2Y_card_private_free()) later, so this patch would
> > lead to double-free.
> 
> Thanks for your comment! Does that mean we should remove
> usb_free_urb() in the if statement of allocating 'usX2Y->In04Buf',
> because it may also lead to double free?

Yes, that's another superfluous code.


Takashi