This is a note to let you know that I've just added the patch titled
net: caif: fix memory leak in cfusbl_device_notify
to the 5.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-caif-fix-memory-leak-in-cfusbl_device_notify.patch
and it can be found in the queue-5.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 7f5d86669fa4d485523ddb1d212e0a2d90bd62bb Mon Sep 17 00:00:00 2001
From: Pavel Skripkin <paskripkin@xxxxxxxxx>
Date: Thu, 3 Jun 2021 19:39:35 +0300
Subject: net: caif: fix memory leak in cfusbl_device_notify
From: Pavel Skripkin <paskripkin@xxxxxxxxx>
commit 7f5d86669fa4d485523ddb1d212e0a2d90bd62bb upstream.
In case of caif_enroll_dev() fail, allocated
link_support won't be assigned to the corresponding
structure. So simply free allocated pointer in case
of error.
Fixes: 7ad65bf68d70 ("caif: Add support for CAIF over CDC NCM USB interface")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/caif/caif_usb.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
--- a/net/caif/caif_usb.c
+++ b/net/caif/caif_usb.c
@@ -115,6 +115,11 @@ static struct cflayer *cfusbl_create(int
return (struct cflayer *) this;
}
+static void cfusbl_release(struct cflayer *layer)
+{
+ kfree(layer);
+}
+
static struct packet_type caif_usb_type __read_mostly = {
.type = cpu_to_be16(ETH_P_802_EX1),
};
@@ -127,6 +132,7 @@ static int cfusbl_device_notify(struct n
struct cflayer *layer, *link_support;
struct usbnet *usbnet;
struct usb_device *usbdev;
+ int res;
/* Check whether we have a NCM device, and find its VID/PID. */
if (!(dev->dev.parent && dev->dev.parent->driver &&
@@ -169,8 +175,11 @@ static int cfusbl_device_notify(struct n
if (dev->num_tx_queues > 1)
pr_warn("USB device uses more than one tx queue\n");
- caif_enroll_dev(dev, &common, link_support, CFUSB_MAX_HEADLEN,
+ res = caif_enroll_dev(dev, &common, link_support, CFUSB_MAX_HEADLEN,
&layer, &caif_usb_type.func);
+ if (res)
+ goto err;
+
if (!pack_added)
dev_add_pack(&caif_usb_type);
pack_added = true;
@@ -178,6 +187,9 @@ static int cfusbl_device_notify(struct n
strlcpy(layer->name, dev->name, sizeof(layer->name));
return 0;
+err:
+ cfusbl_release(link_support);
+ return res;
}
static struct notifier_block caif_device_notifier = {
Patches currently in stable-queue which might be from paskripkin@xxxxxxxxx are
queue-5.4/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
queue-5.4/net-caif-fix-memory-leak-in-cfusbl_device_notify.patch
queue-5.4/net-caif-added-cfserl_release-function.patch
queue-5.4/net-caif-add-proper-error-handling.patch
queue-5.4/net-caif-fix-memory-leak-in-caif_device_notify.patch
