Re: [PATCH] line6: add midibuf init failure handling in line6_init_midi()

From: Bjorn Helgaas
Date: Thu May 16 2024 - 14:59:00 EST


On Fri, May 17, 2024 at 02:47:38AM +0900, yskelg@xxxxxxxxx wrote:
> From: Yunseong Kim <yskelg@xxxxxxxxx>
>
> This patch fixes potential memory allocation failures in the
> line6_midibuf_init(). If either midibuf_in, midibuf_out allocation
> line6_midibuf_init call failed, the allocated memory for line6midi
> might have been leaked.
>
> This patch introduces an error handling label and uses goto to jump there
> in case of allocation failures. A kfree call is added to release any
> partially allocated memory before returning the error code.
>
> Signed-off-by: Yunseong Kim <yskelg@xxxxxxxxx>

Hi Yunseong,

I don't maintain this area, but since you asked for feedback on IRC:

For the subject line, run "git log --oneline sound/usb/line6/midi.c"
and match the style, i.e., in this case it should be:

  ALSA: line6: <Capitalized verb> ...

"Add init failure handling" is not very specific; I think it's worth
including the key word "leak" in the subject line.

Remove text like "this patch". We already know which patch the commit
log refers to.

Use imperative mood in the commit log, not "introduces", "uses", "is
added", etc. Details:
https://chris.beams.io/posts/git-commit/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=v6.9#n94
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/maintainer-tip.rst?id=v6.9#n134

The second paragraph ("... introduces an error handling label ...")
basically translates the patch from C to English. No need for that
since we can read the C. The commit log can be higher level to
explain why the patch should be merged.

In this case, the error paths leak the snd_line6_midi allocation (not
"might"; it's definitely a leak).

This case is so simple that you don't need much of a commit log.
Adding too much detail almost obscures the point. Something like this
would probably be sufficient:

  Free line6midi in error paths to avoid leaking the allocation.

Nice work, good luck!

Bjorn

> ---
> sound/usb/line6/midi.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/sound/usb/line6/midi.c b/sound/usb/line6/midi.c
> index 0838632c788e..abcf58f46673 100644
> --- a/sound/usb/line6/midi.c
> +++ b/sound/usb/line6/midi.c
> @@ -283,13 +283,18 @@ int line6_init_midi(struct usb_line6 *line6)
>
> err = line6_midibuf_init(&line6midi->midibuf_in, MIDI_BUFFER_SIZE, 0);
> if (err < 0)
> - return err;
> + goto error;
>
> err = line6_midibuf_init(&line6midi->midibuf_out, MIDI_BUFFER_SIZE, 1);
> if (err < 0)
> - return err;
> + goto error;
>
> line6->line6midi = line6midi;
> return 0;
> +
> +error:
> + kfree(line6midi);
> + return err;
> +
> }
> EXPORT_SYMBOL_GPL(line6_init_midi);
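
Review bot: at the second "goto error" (the midibuf_out failure), the error label only calls kfree(line6midi), so whatever the first line6_midibuf_init() call allocated for midibuf_in is still leaked on that path. Consider a separate label that tears down midibuf_in before falling through to the kfree, so each failure point unwinds exactly what was set up before it. The allocation of line6midi is above this hunk and not visible here, so also confirm that nothing earlier in the function has already handed ownership of line6midi to another object with its own free callback; if it has, the kfree at the label would free it a second time. Minor style point: drop the added blank line between "return err;" and the closing brace.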
> --
> 2.34.1
>