This is a note to let you know that I've just added the patch titled
USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
usb-gadgetfs-fix-a-potential-memory-leak-in-dev_config.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Tue Dec 12 13:38:50 CET 2017
From: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
Date: Tue, 21 Feb 2017 22:33:11 +0100
Subject: USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
From: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
[ Upstream commit b6e7aeeaf235901c42ec35de4633c7c69501d303 ]
'kbuf' is allocated just a few lines above using 'memdup_user()'.
If the 'if (dev->buf)' test fails, this memory is never released.
Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
Signed-off-by: Felipe Balbi <felipe.balbi@xxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/usb/gadget/legacy/inode.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -1837,8 +1837,10 @@ dev_config (struct file *fd, const char
spin_lock_irq (&dev->lock);
value = -EINVAL;
- if (dev->buf)
+ if (dev->buf) {
+ kfree(kbuf);
goto fail;
+ }
dev->buf = kbuf;
/* full or low speed config */
Patches currently in stable-queue which might be from christophe.jaillet@xxxxxxxxxx are
queue-4.4/usb-gadgetfs-fix-a-potential-memory-leak-in-dev_config.patch