On Sat, Sep 04, 2021 at 05:34:29PM +0200, Florian Faber wrote: > The memory for the udc structure allocated via kzalloc in line 1295 is not > freed in the error handling code, leading to a memory leak in case of an > error. > > Singed-off-by: Florian Faber <faber@xxxxxxxxxxx> > > --- > drivers/usb/gadget/udc/core.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c > index 14fdf918ecfe..a1270a44855a 100644 > --- a/drivers/usb/gadget/udc/core.c > +++ b/drivers/usb/gadget/udc/core.c > @@ -1346,6 +1346,8 @@ int usb_add_gadget(struct usb_gadget *gadget) > > err_put_udc: > put_device(&udc->dev); > + kfree(udc); > + gadget->udc = NULL; > > error: > return ret; > -- > 2.33.0 > > Flo > -- > Machines can do the work, so people have time to think. Did you test this? I think you will find that you just caused a use-after-free :( Please read the documentation for device_initialize() for why this is not the correct thing to do here. thanks, greg k-h
