Re: [PATCH] staging: comedi: drivers: prevent memory leak
On 17/09/2019 07:33, Dan Carpenter wrote:
On Mon, Sep 16, 2019 at 09:41:43PM -0500, Navid Emamdoost wrote:
In das1800_attach, the buffer allocated via kmalloc_array needs to be
released if an error happens.
Signed-off-by: Navid Emamdoost
Commedit calls ->detach() if the ->attach() fails so this patch would
lead to a double free. See comedi_device_attach():
drivers/staging/comedi/drivers.c
983 }
984 if (!driv->attach) {
985 /* driver does not support manual configuration */
986 dev_warn(dev->class_dev,
987 "driver '%s' does not support attach using
comedi_config\n",
988 driv->driver_name);
989 module_put(driv->module);
990 ret = -EIO;
991 goto out;
992 }
993 dev->driver = driv;
994 dev->board_name = dev->board_ptr ? *(const char
**)dev->board_ptr
995 : dev->driver->driver_name;
996 ret = driv->attach(dev, it);
^
997 if (ret >= 0)
998 ret = comedi_device_postconfig(dev);
999 if (ret < 0) {
1000 comedi_device_detach(dev);
^
1001 module_put(driv->module);
1002 }
1003 /* On success, the driver module count has been incremented. */
Yes, everything should be freed properly by comedi_device_detach().
From comedi_device_detach(), some of the stuff is freed by
dev->driver->detach(), and the remainder is freed by
comedi_device_detach_cleanup().
--
-=( Ian Abbott || Web: www.mev.co.uk )=-
-=( MEV Ltd. is a company registered in England & Wales. )=-
-=( Registered number: 02862268. Registered address:)=-
-=( 15 West Park Road, Bramhall, STOCKPORT, SK7 3JZ, UK. )=-
Re: [PATCH] staging: comedi: drivers: prevent memory leak
On Mon, Sep 16, 2019 at 09:41:43PM -0500, Navid Emamdoost wrote:
> In das1800_attach, the buffer allocated via kmalloc_array needs to be
> released if an error happens.
>
> Signed-off-by: Navid Emamdoost
Commedit calls ->detach() if the ->attach() fails so this patch would
lead to a double free. See comedi_device_attach():
drivers/staging/comedi/drivers.c
983 }
984 if (!driv->attach) {
985 /* driver does not support manual configuration */
986 dev_warn(dev->class_dev,
987 "driver '%s' does not support attach using
comedi_config\n",
988 driv->driver_name);
989 module_put(driv->module);
990 ret = -EIO;
991 goto out;
992 }
993 dev->driver = driv;
994 dev->board_name = dev->board_ptr ? *(const char
**)dev->board_ptr
995 : dev->driver->driver_name;
996 ret = driv->attach(dev, it);
^
997 if (ret >= 0)
998 ret = comedi_device_postconfig(dev);
999 if (ret < 0) {
1000 comedi_device_detach(dev);
^
1001 module_put(driv->module);
1002 }
1003 /* On success, the driver module count has been incremented. */
regards,
dan carpenter
[PATCH] staging: comedi: drivers: prevent memory leak
In das1800_attach, the buffer allocated via kmalloc_array needs to be
released if an error happens.
Signed-off-by: Navid Emamdoost
---
drivers/staging/comedi/drivers/das1800.c | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/comedi/drivers/das1800.c
b/drivers/staging/comedi/drivers/das1800.c
index f16aa7e9f4f3..5f2d5f7a6229 100644
--- a/drivers/staging/comedi/drivers/das1800.c
+++ b/drivers/staging/comedi/drivers/das1800.c
@@ -1237,12 +1237,16 @@ static int das1800_attach(struct comedi_device *dev,
dev->pacer = comedi_8254_init(dev->iobase + DAS1800_COUNTER,
I8254_OSC_BASE_5MHZ, I8254_IO8, 0);
- if (!dev->pacer)
+ if (!dev->pacer) {
+ kfree(devpriv->fifo_buf);
return -ENOMEM;
+ }
ret = comedi_alloc_subdevices(dev, 4);
- if (ret)
+ if (ret) {
+ kfree(devpriv->fifo_buf);
return ret;
+ }
/*
* Analog Input subdevice
@@ -1290,8 +1294,10 @@ static int das1800_attach(struct comedi_device *dev,
s->insn_write = das1800_ao_insn_write;
ret = comedi_alloc_subdev_readback(s);
- if (ret)
+ if (ret) {
+ kfree(devpriv->fifo_buf);
return ret;
+ }
/* initialize all channels to 0V */
for (i = 0; i < s->n_chan; i++) {
--
2.17.1
