usb: gadget: f_mass_storage: Fix memory leak of fsg buffers

In fsg_common_init, we allocate some buffers via memalign().
However, these buffers are never freed.

Because of that, we cannot call => ums command multiple times on boards
with low memory (CONFIG_SYS_MALLOC_LEN=0x81000):

=> ums 0 mmc 2
UMS: LUN 0, dev mmc 2, hwpart 0, sector 0x0, count 0x3a3e000
|crq->brequest:0x0
CTRL+C - Operation aborted
=> ums 0 mmc 2
UMS: LUN 0, dev mmc 2, hwpart 0, sector 0x0, count 0x3a3e000
failed to start <NULL>: -12
g_dnl_register: failed!, error: -12
g_dnl_register failed

Make sure the fsg buffers are freed when the gadget is unbound by
calling fsg_common_release() in fsg_unbind().

Reported-by: Zixun LI <admin@hifiphile.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Tested-by: Zixun LI <admin@hifiphile.com> # on SAM9X60
Link: https://lore.kernel.org/r/20250328-ums-gadget-leak-v1-4-3b677db99bde@baylibre.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>

diff --git a/drivers/usb/gadget/f_mass_storage.c b/drivers/usb/gadget/f_mass_storage.c
index fcce6d1..71dc58d 100644 (file)
--- a/drivers/usb/gadget/f_mass_storage.c
+++ b/drivers/usb/gadget/f_mass_storage.c
@@ -2639,6 +2639,7 @@ static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
                raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
        }
 
+       fsg_common_release(fsg->common);
        free(fsg->function.descriptors);
        free(fsg->function.hs_descriptors);
        kfree(fsg);