Re: [PATCH 04/11] hso: fix memory leak in hso_create_rfkill()
From: Oliver Neukum
Date: Tue Jan 20 2015 - 08:13:35 EST
On Tue, 2015-01-20 at 13:29 +0100, Olivier Sobrie wrote:
> When the rfkill interface was created, a buffer containing the name
> of the rfkill node was allocated. This buffer was never freed when the
> device disappears.
>
> To fix the problem, we put the name given to rfkill_alloc() in
> the hso_net structure.
>
> Signed-off-by: Olivier Sobrie <olivier@xxxxxxxxx>
> ---
> drivers/net/usb/hso.c | 12 +++---------
> 1 file changed, 3 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
> index 470ef9e..a49ac2e 100644
> --- a/drivers/net/usb/hso.c
> +++ b/drivers/net/usb/hso.c
> @@ -153,6 +153,7 @@ struct hso_net {
> struct hso_device *parent;
> struct net_device *net;
> struct rfkill *rfkill;
> + char name[8];
>
> struct usb_endpoint_descriptor *in_endp;
> struct usb_endpoint_descriptor *out_endp;
> @@ -2467,27 +2468,20 @@ static void hso_create_rfkill(struct hso_device *hso_dev,
> {
> struct hso_net *hso_net = dev2net(hso_dev);
> struct device *dev = &hso_net->net->dev;
> - char *rfkn;
>
> - rfkn = kzalloc(20, GFP_KERNEL);
> - if (!rfkn)
> - dev_err(dev, "%s - Out of memory\n", __func__);
> -
> - snprintf(rfkn, 20, "hso-%d",
> + snprintf(hso_net->name, sizeof(hso_net->name), "hso-%d",
> interface->altsetting->desc.bInterfaceNumber);
That number is not unique. Indeed it will be identical for all devices.
Regards
Oliver
--
Oliver Neukum <oneukum@xxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/