Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3646792pxb; Mon, 1 Feb 2021 00:23:58 -0800 (PST) X-Google-Smtp-Source: ABdhPJxboAOJWj6nT5vDM+rFdoQ7Y7IlYdWWzn6Nwj5YDyABesnOcQj4BSGfmLNSoN5lUTnU/plp X-Received: by 2002:a05:6402:1118:: with SMTP id u24mr674949edv.386.1612167838650; Mon, 01 Feb 2021 00:23:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612167838; cv=none; d=google.com; s=arc-20160816; b=hdzzbtZMujB/L1XB3f/Kfwqt868x8uI+wStwbZLPfxIFxtj/du9tfj3w80GA2wrlYE 1Qxbsv3ldfRkITrKGnqS2w/g+sM59AoevLRBf6RKMzX3xxFiRBpXaA3xOFP9DvVy/RCv sE3beOB7sn7s3HNNPR+BybTvv6LiFc9ckE3TOpqHfSbweeildeT7cSfPlpY0GdP971fD X/K9fnBIqW1PrAvIZ34jCnN6gX8C6EILnjprG3S+yAy9DAyVeAVO03Pj2bKnDLCN+aU0 MGTMyUiba2HV3N7fIXVu62Z9SPZsOgono09kLKQ/Da8n5J+urDnUxJ7lPudtcQ5xeeMe XiiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:in-reply-to :subject:cc:to:from:message-id:date; bh=19mII5B6Vuduotn6JvZ6Fp3cx7K9o2QUNfQvs7gch1E=; b=p8wT7fjSgH6Vcd/ZUzTpnFGuXV3w147uPoZEiK2hdTA8Q9OSkSd6fzPa7tIJZarVxA qJ8TwTd5NPmr8/BXlL9JuVInsm34KGasOZdLq16iaKfr8PmcCiaJcaYa9Il19bhehz9c NuopTB1xcuIqLQG2UM4Eognh5ehD1qqeI3M3ihsI7rDxVrMzrRuFTIY0Xas7jBRLO06C NMB4jTt0YH9Zfo41R2uV4eg08tG8NemvF0CO6mDEyWVy5qkQawQz/fnCLn2z7eCkX7EB EPnFia7bKlOphOFseSBnKfvC00JXWir5SRCOrxkVK2hzx7NyUW94b5NBXOScO+JjBVQt UAdQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z22si10855173edq.495.2021.02.01.00.23.34; Mon, 01 Feb 2021 00:23:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232484AbhBAITQ (ORCPT + 99 others); Mon, 1 Feb 2021 03:19:16 -0500 Received: from mx2.suse.de ([195.135.220.15]:48684 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229558AbhBAITO (ORCPT ); Mon, 1 Feb 2021 03:19:14 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 76CFFAEAC; Mon, 1 Feb 2021 08:18:32 +0000 (UTC) Date: Mon, 01 Feb 2021 09:18:32 +0100 Message-ID: From: Takashi Iwai To: Sean Young Cc: Mauro Carvalho Chehab , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, Stefan Seyfried Subject: Re: [PATCH 1/2] media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() In-Reply-To: <20210131145320.GA4886@gofer.mess.org> References: <20210120102057.21143-1-tiwai@suse.de> <20210120102057.21143-2-tiwai@suse.de> <20210131145320.GA4886@gofer.mess.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 31 Jan 2021 15:53:20 +0100, Sean Young wrote: > > On Wed, Jan 20, 2021 at 11:20:56AM +0100, Takashi Iwai wrote: > > dvb_usb_device_init() allocates a dvb_usb_device object, but it > > doesn't release it even when returning an error. The callers don't > > seem caring it as well, hence those memories are leaked. > > > > This patch assures releasing the memory at the error path in > > dvb_usb_device_init(). Also it makes sure that USB intfdata is reset > > and don't return the bogus pointer to the caller at the error path, > > too. > > > > Cc: > > Signed-off-by: Takashi Iwai > > --- > > drivers/media/usb/dvb-usb/dvb-usb-init.c | 18 ++++++++++++------ > > 1 file changed, 12 insertions(+), 6 deletions(-) > > > > diff --git a/drivers/media/usb/dvb-usb/dvb-usb-init.c b/drivers/media/usb/dvb-usb/dvb-usb-init.c > > index c1a7634e27b4..5befec87f26a 100644 > > --- a/drivers/media/usb/dvb-usb/dvb-usb-init.c > > +++ b/drivers/media/usb/dvb-usb/dvb-usb-init.c > > @@ -281,15 +281,21 @@ int dvb_usb_device_init(struct usb_interface *intf, > > > > usb_set_intfdata(intf, d); > > > > - if (du != NULL) > > + ret = dvb_usb_init(d, adapter_nums); > > dvb_usb_init() has different errors paths. > > 1. It can return -ENOMEM if it cannot kzalloc(). No other side affects. > 2. It can return an error if dvb_usb_i2c_init() or dvb_usb_adapter_init() > fails. In this case, dvb_usb_exit() is called, which frees > struct dvb_usb_device* > > In the last case we now have a double free. A good catch, indeed the function has inconsistent behavior. I'll update the patch and resubmit to address it. thanks, Takashi