Re: [PATCH] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()

On 30.6.2022 4.10, Jianglei Nie wrote:
xhci_alloc_stream_info() allocates stream context array for stream_info
->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs,
stream_info->stream_ctx_array is not released, which will lead to a
memory leak.

Nice catch, thanks


We can fix it by releasing the stream_info->stream_ctx_array with
xhci_free_stream_ctx() on the error path to avoid the potential memory
leak.


Looks like the goto labels were a bit messed up from the beginning.
There are a couple "goto cleanup_ctx" lines in the code, but
cleanup_ctx never freed the ctx.

Signed-off-by: Jianglei Nie <niejianglei2021@xxxxxxx>
---
  drivers/usb/host/xhci-mem.c | 11 ++++++++++-
  1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 8c19e151a945..a71d3a873467 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -648,8 +648,13 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
  	/* Allocate everything needed to free the stream rings later */
  	stream_info->free_streams_command =
  		xhci_alloc_command_with_ctx(xhci, true, mem_flags);
-	if (!stream_info->free_streams_command)
+	if (!stream_info->free_streams_command) {
+		xhci_free_stream_ctx(xhci,
+			stream_info->num_stream_ctxs,
+			stream_info->stream_ctx_array,
+			stream_info->ctx_array_dma);
  		goto cleanup_ctx;
+	}
INIT_RADIX_TREE(&stream_info->trb_address_map, GFP_ATOMIC); @@ -700,6 +705,10 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
  			stream_info->stream_rings[cur_stream] = NULL;
  		}
  	}
+	xhci_free_stream_ctx(xhci,
+			stream_info->num_stream_ctxs,
+			stream_info->stream_ctx_array,
+			stream_info->ctx_array_dma);
  	xhci_free_command(xhci, stream_info->free_streams_command);
  cleanup_ctx:
  	kfree(stream_info->stream_rings);
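Review bot: xhci_free_stream_ctx() is now called from two places, inside the new `if (!stream_info->free_streams_command)` block and again just above xhci_free_command(), while the cleanup_ctx label itself still leads only to kfree(stream_info->stream_rings). Consider a single call placed under cleanup_ctx, with a separate label for any jump taken before stream_ctx_array has been allocated, so the unwind order lives in one place and a later error path cannot miss the free.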

How about:

diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 8c19e151a945..f7cac1af51c5 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -641,7 +641,7 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
                        num_stream_ctxs, &stream_info->ctx_array_dma,
                        mem_flags);
        if (!stream_info->stream_ctx_array)
-               goto cleanup_ctx;
+               goto cleanup_rings;
        memset(stream_info->stream_ctx_array, 0,
                        sizeof(struct xhci_stream_ctx)*num_stream_ctxs);
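Review bot: the new target in `goto cleanup_rings` needs a name that is unique within xhci_alloc_stream_info(); the hunks show only part of the label ladder, so check that no cleanup_rings label already exists above the shown context, otherwise this will not build. The label also lands on kfree(stream_info->stream_rings), which frees the pointer array rather than the rings themselves, so a name that says so would be clearer.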
@@ -702,6 +702,10 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
        }
        xhci_free_command(xhci, stream_info->free_streams_command);
 cleanup_ctx:
+       xhci_free_stream_ctx(xhci, stream_info->num_stream_ctxs,
+                            stream_info->stream_ctx_array,
+                            stream_info->ctx_array_dma);
+cleanup_rings:
        kfree(stream_info->stream_rings);
 cleanup_info:
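Review bot: the free added under cleanup_ctx passes stream_info->num_stream_ctxs, but the allocation in the previous hunk is sized with the local num_stream_ctxs. Confirm the struct field is assigned before the first jump that can reach cleanup_ctx, otherwise xhci_free_stream_ctx() may be called with a count that does not match the allocation. The commit message should also state that the existing `goto cleanup_ctx` after a failed free_streams_command allocation now frees the context array even though the diff does not touch that line.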


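The label problem discussed in this thread, as an added example (not code from the thread or from the kernel): a user-space model of the staged allocations that injects a failure at each step and counts what is still allocated after the unwind. The names model_alloc, model_free, leaked_after_failure and the cleanup_cmd label are hypothetical; the fixed_ladder flag toggles whether cleanup_ctx frees the context array.

```c
#include <stddef.h>

/* Hypothetical model: counters stand in for the kernel allocators. */
static int live, calls, fail_at;
static char slots[3];

static void *model_alloc(void)
{
	if (++calls == fail_at)
		return NULL;            /* injected allocation failure */
	live++;
	return &slots[calls - 1];
}

static void model_free(void *p)
{
	if (p)
		live--;
}

/* Fail at step n (1=rings array, 2=ctx array, 3=command, 4=ring setup)
 * and return how many allocations are still live after the unwind. */
static int leaked_after_failure(int n, int fixed_ladder)
{
	void *rings, *ctx_array = NULL, *command = NULL;

	live = 0; calls = 0; fail_at = n;
	rings = model_alloc();
	if (!rings)
		goto cleanup_info;
	ctx_array = model_alloc();
	if (!ctx_array)
		goto cleanup_rings;
	command = model_alloc();
	if (!command)
		goto cleanup_ctx;
	goto cleanup_cmd;               /* step 4: ring setup failed */
cleanup_cmd:
	model_free(command);
cleanup_ctx:
	if (fixed_ladder)               /* the free the original ladder lacked */
		model_free(ctx_array);
cleanup_rings:
	model_free(rings);
cleanup_info:
	return live;
}
```

With fixed_ladder set to 0, steps 3 and 4 each leave one allocation live (the context array); with it set to 1, every step returns 0.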
