From 052d46c69064967707e65d660235403505380ad5 Mon Sep 17 00:00:00 2001 From: sunkun3 Date: Wed, 26 Jul 2023 16:35:35 +0800 Subject: [PATCH] usbdev: a memory leak occurred when the usb uninitialize process was executed In usbclass_unbind, DEV_FREEEP is called first, and later usbclass_freereq does not free memory due to ep NULL Signed-off-by: sunkun3 --- drivers/usbdev/adb.c | 32 +++++++++++++-------------- drivers/usbdev/cdcacm.c | 32 +++++++++++++-------------- drivers/usbdev/pl2303.c | 32 +++++++++++++-------------- drivers/usbdev/rndis.c | 48 ++++++++++++++++++++--------------------- 4 files changed, 72 insertions(+), 72 deletions(-) diff --git a/drivers/usbdev/adb.c b/drivers/usbdev/adb.c index d0fa562daf..a35f532a99 100644 --- a/drivers/usbdev/adb.c +++ b/drivers/usbdev/adb.c @@ -1053,22 +1053,6 @@ static void usbclass_unbind(FAR struct usbdevclass_driver_s *driver, usbclass_resetconfig(priv); - /* Free the bulk IN endpoint */ - - if (priv->epbulkin) - { - DEV_FREEEP(dev, priv->epbulkin); - priv->epbulkin = NULL; - } - - /* Free the bulk OUT endpoint */ - - if (priv->epbulkout) - { - DEV_FREEEP(dev, priv->epbulkout); - priv->epbulkout = NULL; - } - /* Free write requests that are not in use (which should be all * of them */ @@ -1094,6 +1078,22 @@ static void usbclass_unbind(FAR struct usbdevclass_driver_s *driver, usbdev_freereq(priv->epbulkin, wrcontainer->req); } } + + /* Free the bulk IN endpoint */ + + if (priv->epbulkin) + { + DEV_FREEEP(dev, priv->epbulkin); + priv->epbulkin = NULL; + } + + /* Free the bulk OUT endpoint */ + + if (priv->epbulkout) + { + DEV_FREEEP(dev, priv->epbulkout); + priv->epbulkout = NULL; + } } } diff --git a/drivers/usbdev/cdcacm.c b/drivers/usbdev/cdcacm.c index d46c0d7929..ea439d8ec7 100644 --- a/drivers/usbdev/cdcacm.c +++ b/drivers/usbdev/cdcacm.c @@ -1463,14 +1463,6 @@ static void cdcacm_unbind(FAR struct usbdevclass_driver_s *driver, cdcacm_resetconfig(priv); up_mdelay(50); - /* Free the interrupt IN endpoint */ - - if (priv->epintin) - { - DEV_FREEEP(dev, priv->epintin); - priv->epintin = NULL; - } - /* Free the pre-allocated control request */ if (priv->ctrlreq != NULL) @@ -1494,14 +1486,6 @@ static void cdcacm_unbind(FAR struct usbdevclass_driver_s *driver, } } - /* Free the bulk OUT endpoint */ - - if (priv->epbulkout) - { - DEV_FREEEP(dev, priv->epbulkout); - priv->epbulkout = NULL; - } - /* Free write requests that are not in use (which should be all * of them) */ @@ -1522,6 +1506,22 @@ static void cdcacm_unbind(FAR struct usbdevclass_driver_s *driver, DEBUGASSERT(priv->nwrq == 0); leave_critical_section(flags); + /* Free the interrupt IN endpoint */ + + if (priv->epintin) + { + DEV_FREEEP(dev, priv->epintin); + priv->epintin = NULL; + } + + /* Free the bulk OUT endpoint */ + + if (priv->epbulkout) + { + DEV_FREEEP(dev, priv->epbulkout); + priv->epbulkout = NULL; + } + /* Free the bulk IN endpoint */ if (priv->epbulkin) diff --git a/drivers/usbdev/pl2303.c b/drivers/usbdev/pl2303.c index 419d35b440..067c814a8a 100644 --- a/drivers/usbdev/pl2303.c +++ b/drivers/usbdev/pl2303.c @@ -1479,22 +1479,6 @@ static void usbclass_unbind(FAR struct usbdevclass_driver_s *driver, usbclass_resetconfig(priv); up_mdelay(50); - /* Free the interrupt IN endpoint */ - - if (priv->epintin) - { - DEV_FREEEP(dev, priv->epintin); - priv->epintin = NULL; - } - - /* Free the bulk IN endpoint */ - - if (priv->epbulkin) - { - DEV_FREEEP(dev, priv->epbulkin); - priv->epbulkin = NULL; - } - /* Free the pre-allocated control request */ if (priv->ctrlreq != NULL) @@ -1544,6 +1528,22 @@ static void usbclass_unbind(FAR struct usbdevclass_driver_s *driver, DEBUGASSERT(priv->nwrq == 0); leave_critical_section(flags); + + /* Free the interrupt IN endpoint */ + + if (priv->epintin) + { + DEV_FREEEP(dev, priv->epintin); + priv->epintin = NULL; + } + + /* Free the bulk IN endpoint */ + + if (priv->epbulkin) + { + DEV_FREEEP(dev, priv->epbulkin); + priv->epbulkin = NULL; + } } /* Clear out all data in the circular buffer */ diff --git a/drivers/usbdev/rndis.c b/drivers/usbdev/rndis.c index 145a1a6925..42c0cd3e0b 100644 --- a/drivers/usbdev/rndis.c +++ b/drivers/usbdev/rndis.c @@ -2289,22 +2289,6 @@ static void usbclass_unbind(FAR struct usbdevclass_driver_s *driver, usbclass_resetconfig(priv); up_mdelay(50); - /* Free the interrupt IN endpoint */ - - if (priv->epintin) - { - DEV_FREEEP(dev, priv->epintin); - priv->epintin = NULL; - } - - /* Free the bulk IN endpoint */ - - if (priv->epbulkin) - { - DEV_FREEEP(dev, priv->epbulkin); - priv->epbulkin = NULL; - } - /* Free the pre-allocated control request */ if (priv->ctrlreq != NULL) @@ -2328,14 +2312,6 @@ static void usbclass_unbind(FAR struct usbdevclass_driver_s *driver, usbdev_freereq(priv->epbulkout, priv->rdreq); } - /* Free the bulk OUT endpoint */ - - if (priv->epbulkout) - { - DEV_FREEEP(dev, priv->epbulkout); - priv->epbulkout = NULL; - } - netdev_unregister(&priv->netdev); /* Free write requests that are not in use (which should be all @@ -2354,6 +2330,30 @@ static void usbclass_unbind(FAR struct usbdevclass_driver_s *driver, } leave_critical_section(flags); + + /* Free the interrupt IN endpoint */ + + if (priv->epintin) + { + DEV_FREEEP(dev, priv->epintin); + priv->epintin = NULL; + } + + /* Free the bulk IN endpoint */ + + if (priv->epbulkin) + { + DEV_FREEEP(dev, priv->epbulkin); + priv->epbulkin = NULL; + } + + /* Free the bulk OUT endpoint */ + + if (priv->epbulkout) + { + DEV_FREEEP(dev, priv->epbulkout); + priv->epbulkout = NULL; + } } }