Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4144747pxj;
        Tue, 25 May 2021 01:10:19 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzSMmGAZIeBUwq3da8If9xC7PpkjI7QQqGW99VbWyw+8IGtQiasrTINLj32qkI+EPgA8Qwt
X-Received: by 2002:a92:4a12:: with SMTP id m18mr2567230ilf.156.1621930218997;
        Tue, 25 May 2021 01:10:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1621930218; cv=none;
        d=google.com; s=arc-20160816;
        b=lmpqBqCJ7aJCEHcR4PZ913fQJqBElDBWxw9yqrnxWjsv5F/WU6RwPzUVZaChNEdkM8
         6RXx41t+IgIBTnfxE9I1aZPaFgUc7fipeXQFWT2uBELIg6vwqbabqPwxZFOyc6lMZKBt
         3x5leWUjYIeGAnoTRj7pxbnx/RVumNqvaQRjHUVAVQzbfggfhPfRKAPtmXly7y5bjmhO
         20o/Zz9ClHh/ANErnuUzSOsXp4izA0bjupVgTO9O10d0TzsNDUSOkulTGhcsjBga6v3V
         cjzWHqboqVOtkgnSKFN0m46GPE8LrIxmFuHwOi2IReugydDiN/1+bBU+WwthmC1jba3X
         Ggbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent:references:in-reply-to
         :subject:cc:to:from:message-id:date:dkim-signature:dkim-signature;
        bh=9un4IKganlZMcLCm9ZMn/Qibi54b+/iSeKlbK6QKBKY=;
        b=sWas3Uny6S6B9RyT9lSjzWQMC9pd/k66DldrmOD8TqhDtp/AmX+uRMC5UlvYQ83GKI
         /wyAP4Ks16P5Y9hxkak/q1o8tVZLjKkekmw3UJe4OjLk+wKCLpA10N9OClyE3mWmqFQw
         3cOOl7iBtAnaQnTusRC7LiYVRguKr7BHUnbLIJHCJZqZ7uotwPGvDhkcuvXMzsyLT/78
         Lt8LRoHhrkaTULe79EGD7QtLcM21JBfByE50mRjdkwlHP9BQXIPVa5B/s7ciYm1ycOl7
         IUVeJsk4y2Tbx0de4CxD96I09e4vWYKN6kno1i+pBjriKOs6cTcewSJ/Vc2dhaacqkUT
         E1uA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=0BGiOZM0;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=KQGI6Va6;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id o2si17374309jaa.70.2021.05.25.01.10.06;
        Tue, 25 May 2021 01:10:18 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=0BGiOZM0;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=KQGI6Va6;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231460AbhEYHGt (ORCPT <rfc822;luizmacielfranco@gmail.com>
        + 99 others); Tue, 25 May 2021 03:06:49 -0400
Received: from mx2.suse.de ([195.135.220.15]:34562 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S230366AbhEYHGn (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 25 May 2021 03:06:43 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1621926313; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=9un4IKganlZMcLCm9ZMn/Qibi54b+/iSeKlbK6QKBKY=;
        b=0BGiOZM0wNdlDFfuUhoJQv6bo+JJbg62d1e/gDvGQtgMudhGyPg8Rf6kPW9VMi/WNOusgk
        ZYolP6kQwU74FyCI5igZlOPv9EBOKtfF2VsImR/vG6ADM0iaVgfhBRd1XIoBB8CRDqC/Sp
        LWEvb0aRZLqwaOPeGIv6KI+SGNXEtFw=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1621926313;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=9un4IKganlZMcLCm9ZMn/Qibi54b+/iSeKlbK6QKBKY=;
        b=KQGI6Va6d6YerX9zikjPqYHTuNn4hcLqyoOR/lfEpezjAERihaT7N3Zq6d6D7tN0Q8VPbh
        1rBb/n8wsqbSILAQ==
Received: from relay2.suse.de (unknown [195.135.221.27])
        by mx2.suse.de (Postfix) with ESMTP id 5E34FAE92;
        Tue, 25 May 2021 07:05:13 +0000 (UTC)
Date:   Tue, 25 May 2021 09:05:13 +0200
Message-ID: <s5hh7ire1jq.wl-tiwai@suse.de>
From:   Takashi Iwai <tiwai@suse.de>
To:     Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc:     Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Oliver Neukum <oneukum@suse.com>,
        Vasily Khoruzhick <anarsoul@gmail.com>,
        alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ALSA: line6: Improve poor error handling in line6_init_cap_control
In-Reply-To: <20210524173644.GA116662@hyeyoo>
References: <20210524173644.GA116662@hyeyoo>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3
 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 24 May 2021 19:36:44 +0200,
Hyeonggon Yoo wrote:
> 
> line6_init_cap_control doesn't free resources properly when allocations
> like kmalloc, usb_alloc_urb fails. It can cause memory leak when some
> allocations succeed, and then an error occurs.
> 
> This patch makes line6_init_cap_control to properly free the resources,
> freeing previously allocated resources when there's an error.
> 
> Signed-off-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
> ---
>  sound/usb/line6/driver.c | 36 +++++++++++++++++++++++++++---------
>  1 file changed, 27 insertions(+), 9 deletions(-)
> 
> diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c
> index 9602929b7de9..6991cb855023 100644
> --- a/sound/usb/line6/driver.c
> +++ b/sound/usb/line6/driver.c
> @@ -688,34 +688,52 @@ static int line6_init_cap_control(struct usb_line6 *line6)
>  
>  	/* initialize USB buffers: */
>  	line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL);
> -	if (!line6->buffer_listen)
> -		return -ENOMEM;
> +	if (!line6->buffer_listen) {
> +		ret = -ENOMEM;
> +		goto fail_ret;
> +	}
>  
>  	line6->urb_listen = usb_alloc_urb(0, GFP_KERNEL);
> -	if (!line6->urb_listen)
> -		return -ENOMEM;
> +	if (!line6->urb_listen) {
> +		ret = -ENOMEM;
> +		goto fail1;
> +	}
>  
>  	if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) {
>  		line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL);
> -		if (!line6->buffer_message)
> -			return -ENOMEM;
> +		if (!line6->buffer_message) {
> +			ret = -ENOMEM;
> +			goto fail2;
> +		}
>  
>  		ret = line6_init_midi(line6);
>  		if (ret < 0)
> -			return ret;
> +			goto fail3;
>  	} else {
>  		ret = line6_hwdep_init(line6);
>  		if (ret < 0)
> -			return ret;
> +			goto fail2;
>  	}
>  
>  	ret = line6_start_listen(line6);
>  	if (ret < 0) {
>  		dev_err(line6->ifcdev, "cannot start listening: %d\n", ret);
> -		return ret;
> +		if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI)
> +			goto fail3;
> +		else
> +			goto fail2;
>  	}
>  
>  	return 0;
> +
> +fail3:
> +	kfree(line6->buffer_message);
> +fail2:
> +	usb_free_urb(line6->urb_listen);
> +fail1:
> +	kfree(line6->buffer_listen);
> +fail_ret:
> +	return ret;
>  }

Those resources are freed in the common destructor of the card
instance, line6_destruct(), at disconnect callback, so it's redundant
to release them here; even worse, since you haven't re-initialize with
NULL, this change would lead to double-free.


thanks,

Takashi