If hid_hw_start() succeeds but ms_init_ff() fails, it will return without
calling hid_hw_stop(), which will cause a memory leak. So to prevent this,
we need to change probe() to call hid_hw_stop().

Fixes: 73c5b254c365 ("HID: microsoft: Add rumble support for Xbox One S controller")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
---
 drivers/hid/hid-microsoft.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/hid/hid-microsoft.c b/drivers/hid/hid-microsoft.c
index 18ac21c0bcb2..a27ea59a1bef 100644
--- a/drivers/hid/hid-microsoft.c
+++ b/drivers/hid/hid-microsoft.c
@@ -385,22 +385,26 @@ static int ms_probe(struct hid_device *hdev, const struct hid_device_id *id)
 	ret = hid_parse(hdev);
 	if (ret) {
 		hid_err(hdev, "parse failed\n");
-		goto err_free;
+		return ret;
 	}
 
 	ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT | ((quirks & MS_HIDINPUT) ?
 				HID_CONNECT_HIDINPUT_FORCE : 0));
 	if (ret) {
 		hid_err(hdev, "hw start failed\n");
-		goto err_free;
+		return ret;
 	}
 
 	ret = ms_init_ff(hdev);
-	if (ret)
+	if (ret) {
 		hid_err(hdev, "could not initialize ff, continuing anyway");
+		goto err_hw_stop;
+	}
 
 	return 0;
-err_free:
+
+err_hw_stop:
+	hid_hw_stop(hdev);
 	return ret;
 }
 
--

On Wed, Jul 16, 2025 at 10:22 AM Jeongjun Park <aha310510@gmail.com> wrote:
>
> If hid_hw_start() succeeds but ms_init_ff() fails, it will return without
> calling hid_hw_stop(), which will cause a memory leak. So to prevent this,
> we need to change probe() to call hid_hw_stop().
>

If I recall correctly (and it's been a _long_ time since I've looked
at this code) we intentionally didn't call `hid_hw_stop()` so that
you'd still have a functional device even if FF feature initialization
failed. What's the leak mechanism here?

> Fixes: 73c5b254c365 ("HID: microsoft: Add rumble support for Xbox One S controller")
> Signed-off-by: Jeongjun Park <aha310510@gmail.com>
> ---
>  drivers/hid/hid-microsoft.c | 12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/hid/hid-microsoft.c b/drivers/hid/hid-microsoft.c
> index 18ac21c0bcb2..a27ea59a1bef 100644
> --- a/drivers/hid/hid-microsoft.c
> +++ b/drivers/hid/hid-microsoft.c
> @@ -385,22 +385,26 @@ static int ms_probe(struct hid_device *hdev, const struct hid_device_id *id)
>         ret = hid_parse(hdev);
>         if (ret) {
>                 hid_err(hdev, "parse failed\n");
> -               goto err_free;
> +               return ret;
>         }
>
>         ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT | ((quirks & MS_HIDINPUT) ?
>                                 HID_CONNECT_HIDINPUT_FORCE : 0));
>         if (ret) {
>                 hid_err(hdev, "hw start failed\n");
> -               goto err_free;
> +               return ret;
>         }
>
>         ret = ms_init_ff(hdev);
> -       if (ret)
> +       if (ret) {
>                 hid_err(hdev, "could not initialize ff, continuing anyway");
> +               goto err_hw_stop;
> +       }
>
>         return 0;
> -err_free:
> +
> +err_hw_stop:
> +       hid_hw_stop(hdev);
>         return ret;
>  }
>
> --

Hello,

Andrey Smirnov <andrew.smirnov@gmail.com> wrote:
>
> On Wed, Jul 16, 2025 at 10:22 AM Jeongjun Park <aha310510@gmail.com> wrote:
> >
> > If hid_hw_start() succeeds but ms_init_ff() fails, it will return without
> > calling hid_hw_stop(), which will cause a memory leak. So to prevent this,
> > we need to change probe() to call hid_hw_stop().
> >
>
> If I recall correctly (and it's been a _long_ time since I've looked
> at this code) we intentionally didn't call `hid_hw_stop()` so that
> you'd still have a functional device even if FF feature initialization
> failed. What's the leak mechanism here?
>

I misinterpreted the code.

Thanks for letting me know that ms_init_ff() is designed not to stop the
HW if it fails!

Regards,

Jeongjun Park