Hi, I have got a USB HID device which I am talking to with ioctls HIDIOCSFEATURE and HIDIOCGFEATURE on Linux 3.3.3, and I think I have discovered a memory leak. When I call ioctl(fd, HIDIOCGFEATURE...), a long series of things happens in the kernel that eventually causes hidraw_report_event() to be called to let the user space program know there is data to be retrieved by read(). hidraw_report_event() calls kmemdup() to create a copy of the data to be returned. However, I'm never going to call read() because the data is returned by the ioctl() call. So, I think that the main bug I have spotted is that if the user calls ioctl(fd, HIODCGFEATURE...), hidraw_report_event() should not be called. I'm not really familiar with the code, so I'm not sure what the best fix would be. There are a couple of secondary issues: hidraw_report_event() copies data onto the circular buffer like this: list->buffer[list->head].value = kmemdup(data, len, GFP_ATOMIC) If list->buffer[list->head].value is not NULL (because I haven't ever called read()), then the old list->buffer[list->head].value memory is leaked. hidraw_release() should probably free any non-NULL values in list->buffer, I think. James -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
