Turns out the first kmemdup is only required for the .report_fixup() driver callback. There is no need to do two kmemdup() in a raw in case .report_fixup() is not present.
Signed-off-by: Benjamin Tissoires <bentiss@xxxxxxxxxx>
---
new in v2
---
 drivers/hid/hid-core.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index a5f5415571cb..172746a082f9 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1206,7 +1206,7 @@ int hid_open_report(struct hid_device *device)
 struct hid_item item;
 unsigned int size;
 const __u8 *start;
- __u8 *buf;
+ __u8 *buf = NULL;
 const __u8 *end;
 const __u8 *next;
 int ret;
@@ -1227,14 +1227,18 @@ int hid_open_report(struct hid_device *device)
 if (WARN_ON(!start))
 return -ENODEV;
- buf = kmemdup(start, size, GFP_KERNEL);
- if (buf == NULL)
- return -ENOMEM;
+ if (device->driver->report_fixup) {
+ /*
+ * device->driver->report_fixup() needs to work
+ * on a copy of our report descriptor so it can
+ * change it.
+ */
+ buf = kmemdup(start, size, GFP_KERNEL);
+ if (buf == NULL)
+ return -ENOMEM;
- if (device->driver->report_fixup)
 start = device->driver->report_fixup(device, buf, &size);
- else
- start = buf;
+ }
 start = kmemdup(start, size, GFP_KERNEL);
 kfree(buf);
--
2.46.0
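Review bot: In the second hunk the tail `start = kmemdup(start, size, GFP_KERNEL);` followed by `kfree(buf);` now has to be correct for three cases (no callback, a callback returning a pointer into `buf`, a callback returning some other memory), and nothing in the new code says that the copy must happen before the free. If the callback's return value can alias `buf` — which the copy-then-free order suggests, though the callback contract is not visible here — swapping those two lines in a later cleanup would read the report descriptor from freed memory. I would add a comment above the second kmemdup such as `/* copy before kfree(buf): report_fixup() may return a pointer into buf, or memory we do not own */`, and a short note beside `__u8 *buf = NULL;` in the first hunk saying the initialiser exists so the unconditional `kfree(buf)` is a no-op when no callback is set. The NULL check on the second kmemdup and the rest of hid_open_report() lie outside the hunk.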