| Message ID | 20230224092044.3332374-1-void0red@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | usb: gadget: udc: add return value check of kzalloc in mv_udc_probe | expand |
On Fri, Feb 24, 2023 at 5:28 PM void0red <void0red@gmail.com> wrote: > > From: Kang Chen <void0red@gmail.com> > > Even an 8-byte kzalloc will fail when we don't have enough memory, > so we need a nullptr check and do the cleanup when it fails. > > Reported-by: eriri <1527030098@qq.com> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=217081 > > Signed-off-by: Kang Chen <void0red@gmail.com> > --- > drivers/usb/gadget/udc/mv_udc_core.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/usb/gadget/udc/mv_udc_core.c b/drivers/usb/gadget/udc/mv_udc_core.c > index b397f3a84..6dd6d52de 100644 > --- a/drivers/usb/gadget/udc/mv_udc_core.c > +++ b/drivers/usb/gadget/udc/mv_udc_core.c > @@ -2230,6 +2230,10 @@ static int mv_udc_probe(struct platform_device *pdev) > > /* allocate a small amount of memory to get valid address */ > udc->status_req->req.buf = kzalloc(8, GFP_KERNEL); Hi Kang and gregkh, I think there is a memory leak in this kzalloc. It seems there is no deallocation for this allocated object. As the surrounding allocation statements suggest, we should turn kzalloc to devm_kzalloc. > + if (!udc->status_req->req.buf) { > + retval = -ENOMEM; > + goto err_destroy_dma; > + } > udc->status_req->req.dma = DMA_ADDR_INVALID; > > udc->resume_state = USB_STATE_NOTATTACHED; > -- > 2.34.1 >
Hi, Dongliang, I totally agree with you. I checked the other drivers using status_req->req.buf structure, they free the memory when the driver removed. But in this driver, I can't find such code. So, as you said, it needs a devm_kazlloc instead of a kzalloc to manage the memory and avoid a memory leak. Thanks for your correction. I will post a new patch later. Dongliang Mu <mudongliangabcd@gmail.com> 于2023年2月24日周五 19:06写道: > > On Fri, Feb 24, 2023 at 5:28 PM void0red <void0red@gmail.com> wrote: > > > > From: Kang Chen <void0red@gmail.com> > > > > Even an 8-byte kzalloc will fail when we don't have enough memory, > > so we need a nullptr check and do the cleanup when it fails. > > > > Reported-by: eriri <1527030098@qq.com> > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=217081 > > > > Signed-off-by: Kang Chen <void0red@gmail.com> > > --- > > drivers/usb/gadget/udc/mv_udc_core.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/drivers/usb/gadget/udc/mv_udc_core.c b/drivers/usb/gadget/udc/mv_udc_core.c > > index b397f3a84..6dd6d52de 100644 > > --- a/drivers/usb/gadget/udc/mv_udc_core.c > > +++ b/drivers/usb/gadget/udc/mv_udc_core.c > > @@ -2230,6 +2230,10 @@ static int mv_udc_probe(struct platform_device *pdev) > > > > /* allocate a small amount of memory to get valid address */ > > udc->status_req->req.buf = kzalloc(8, GFP_KERNEL); > > Hi Kang and gregkh, > > I think there is a memory leak in this kzalloc. It seems there is no > deallocation for this allocated object. > > As the surrounding allocation statements suggest, > we should turn kzalloc to devm_kzalloc. > > > + if (!udc->status_req->req.buf) { > > + retval = -ENOMEM; > > + goto err_destroy_dma; > > + } > > udc->status_req->req.dma = DMA_ADDR_INVALID; > > > > udc->resume_state = USB_STATE_NOTATTACHED; > > -- > > 2.34.1 > >
diff --git a/drivers/usb/gadget/udc/mv_udc_core.c b/drivers/usb/gadget/udc/mv_udc_core.c index b397f3a84..6dd6d52de 100644 --- a/drivers/usb/gadget/udc/mv_udc_core.c +++ b/drivers/usb/gadget/udc/mv_udc_core.c @@ -2230,6 +2230,10 @@ static int mv_udc_probe(struct platform_device *pdev) /* allocate a small amount of memory to get valid address */ udc->status_req->req.buf = kzalloc(8, GFP_KERNEL); + if (!udc->status_req->req.buf) { + retval = -ENOMEM; + goto err_destroy_dma; + } udc->status_req->req.dma = DMA_ADDR_INVALID; udc->resume_state = USB_STATE_NOTATTACHED;