From b1bf8ac5319010e0f73183bdb78c1daf5552c8cb Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Tue, 16 Dec 2025 15:06:29 +0100 Subject: [PATCH] ALSA: timer: Relax __free() variable declarations We used to have a variable declaration with __free() initialized with NULL. This was to keep the old coding style rule, but recently it's relaxed and rather recommends to follow the new rule to declare in place of use for __free() -- which avoids potential deadlocks or UAFs with nested cleanups. Although the current code has no bug, per se, let's follow the new standard and move the declaration to the place of assignment (or directly assign the allocated result) instead of NULL initializations. Fixes: ed96f6394e1b ("ALSA: timer: Use automatic cleanup of kfree()") Fixes: 37745918e0e7 ("ALSA: timer: Introduce virtual userspace-driven timers") Signed-off-by: Takashi Iwai Link: https://patch.msgid.link/20251216140634.171890-8-tiwai@suse.de --- sound/core/timer.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sound/core/timer.c b/sound/core/timer.c index d9fff5c87613e..9a4a1748ff80b 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -1614,12 +1614,12 @@ static int snd_timer_user_next_device(struct snd_timer_id __user *_tid) static int snd_timer_user_ginfo(struct file *file, struct snd_timer_ginfo __user *_ginfo) { - struct snd_timer_ginfo *ginfo __free(kfree) = NULL; struct snd_timer_id tid; struct snd_timer *t; struct list_head *p; + struct snd_timer_ginfo *ginfo __free(kfree) = + memdup_user(_ginfo, sizeof(*ginfo)); - ginfo = memdup_user(_ginfo, sizeof(*ginfo)); if (IS_ERR(ginfo)) return PTR_ERR(ginfo); @@ -1756,7 +1756,6 @@ static int snd_timer_user_info(struct file *file, struct snd_timer_info __user *_info) { struct snd_timer_user *tu; - struct snd_timer_info *info __free(kfree) = NULL; struct snd_timer *t; tu = file->private_data; @@ -1766,7 +1765,8 @@ static int snd_timer_user_info(struct file *file, if (!t) return -EBADFD; - info = kzalloc(sizeof(*info), GFP_KERNEL); + struct snd_timer_info *info __free(kfree) = + kzalloc(sizeof(*info), GFP_KERNEL); if (! info) return -ENOMEM; info->card = t->card ? t->card->number : -1; @@ -2192,10 +2192,10 @@ static int snd_utimer_ioctl_create(struct file *file, struct snd_timer_uinfo __user *_utimer_info) { struct snd_utimer *utimer; - struct snd_timer_uinfo *utimer_info __free(kfree) = NULL; int err, timer_fd; + struct snd_timer_uinfo *utimer_info __free(kfree) = + memdup_user(_utimer_info, sizeof(*utimer_info)); - utimer_info = memdup_user(_utimer_info, sizeof(*utimer_info)); if (IS_ERR(utimer_info)) return PTR_ERR(utimer_info); -- 2.47.3