1. Patchew
  2. linux
  3. [PATCH v2 0/2] most: core: fix resource leak in most_register_interface error paths
  4. View patch

[PATCH v2 2/2] most: usb: remove double cleanup of interface on registration failure

Navaneeth K posted 2 patches 2 months, 2 weeks ago
There is a newer version of this series
[PATCH v2 2/2] most: usb: remove double cleanup of interface on registration failure
Posted by Navaneeth K 2 months, 2 weeks ago 
Since most_register_interface() now correctly handles cleanup (calling
put_device on failure), the manual cleanup in hdm_probe() would cause
a double-free.

Remove the manual cleanup labels and return the error code directly.

Signed-off-by: Navaneeth K <knavaneeth786@gmail.com>
---
 drivers/most/most_usb.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/drivers/most/most_usb.c b/drivers/most/most_usb.c
index 10064d7b72498..597cf7f4e6b90 100644
--- a/drivers/most/most_usb.c
+++ b/drivers/most/most_usb.c
@@ -1058,7 +1058,7 @@ hdm_probe(struct usb_interface *interface, const struct usb_device_id *id)
 
 	ret = most_register_interface(&mdev->iface);
 	if (ret)
-		goto err_free_busy_urbs;
+		return ret;
 
 	mutex_lock(&mdev->io_mutex);
 	if (le16_to_cpu(usb_dev->descriptor.idProduct) == USB_DEV_ID_OS81118 ||
@@ -1068,8 +1068,7 @@ hdm_probe(struct usb_interface *interface, const struct usb_device_id *id)
 		if (!mdev->dci) {
 			mutex_unlock(&mdev->io_mutex);
 			most_deregister_interface(&mdev->iface);
-			ret = -ENOMEM;
-			goto err_free_busy_urbs;
+			return -ENOMEM;
 		}
 
 		mdev->dci->dev.init_name = "dci";
@@ -1077,19 +1076,15 @@ hdm_probe(struct usb_interface *interface, const struct usb_device_id *id)
 		mdev->dci->dev.groups = dci_groups;
 		mdev->dci->dev.release = release_dci;
 		if (device_register(&mdev->dci->dev)) {
+			put_device(&mdev->dci->dev);
 			mutex_unlock(&mdev->io_mutex);
 			most_deregister_interface(&mdev->iface);
-			ret = -ENOMEM;
-			goto err_free_dci;
+			return -ENOMEM;
 		}
 		mdev->dci->usb_device = mdev->usb_device;
 	}
 	mutex_unlock(&mdev->io_mutex);
 	return 0;
-err_free_dci:
-	put_device(&mdev->dci->dev);
-err_free_busy_urbs:
-	kfree(mdev->busy_urbs);
 err_free_ep_address:
 	kfree(mdev->ep_address);
 err_free_cap:
-- 
2.43.0
Re: [PATCH v2 2/2] most: usb: remove double cleanup of interface on registration failure
Posted by Abdun Nihaal 2 months, 1 week ago 
On Tue, Nov 25, 2025 at 10:56:06PM +0000, Navaneeth K wrote:
> Since most_register_interface() now correctly handles cleanup (calling
> put_device on failure), the manual cleanup in hdm_probe() would cause
> a double-free.
> 
> Remove the manual cleanup labels and return the error code directly.

This exact change has already been done by Johan Hovold in the following
patch: https://lore.kernel.org/all/20251029093029.28922-1-johan@kernel.org/

I find that patch in Linux-next. It must have been already applied.
and so you can drop this patch.

Regards,
Nihaal
Re: [PATCH v2 2/2] most: usb: remove double cleanup of interface on registration failure
Posted by Navaneeth K 2 months, 1 week ago 
Hi Nihaal,

Thanks for pointing that out. I missed that Johan's patch was already in 
linux-next.

I will drop this patch and send v3 containing only the core fix (which 
is still needed to prevent the leak).

Regards,
Navaneeth


On 26-11-2025 23:01, Abdun Nihaal wrote:
> On Tue, Nov 25, 2025 at 10:56:06PM +0000, Navaneeth K wrote:
>> Since most_register_interface() now correctly handles cleanup (calling
>> put_device on failure), the manual cleanup in hdm_probe() would cause
>> a double-free.
>>
>> Remove the manual cleanup labels and return the error code directly.
> This exact change has already been done by Johan Hovold in the following
> patch: https://lore.kernel.org/all/20251029093029.28922-1-johan@kernel.org/
>
> I find that patch in Linux-next. It must have been already applied.
> and so you can drop this patch.
>
> Regards,
> Nihaal

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.