2014-07-10 23:31:56

by Alexey Khoroshilov

[permalink] [raw]
Subject: [PATCH] staging: gdm724x: fix leak at failure path in init_usb()

If an allocation in init_usb() failed, it returns without
deallocation of already allocated resources.

The patch fix it and replaces GFP_ATOMIC by GFP_KERNEL in
alloc_tx_sdu_struct() and alloc_rx_struct() as long as
they are called from probe only.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <[email protected]>
---
drivers/staging/gdm724x/gdm_usb.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
index ee6e40facca7..ea89d530ff3f 100644
--- a/drivers/staging/gdm724x/gdm_usb.c
+++ b/drivers/staging/gdm724x/gdm_usb.c
@@ -125,11 +125,11 @@ static struct usb_tx_sdu *alloc_tx_sdu_struct(void)
{
struct usb_tx_sdu *t_sdu;

- t_sdu = kzalloc(sizeof(struct usb_tx_sdu), GFP_ATOMIC);
+ t_sdu = kzalloc(sizeof(struct usb_tx_sdu), GFP_KERNEL);
if (!t_sdu)
return NULL;

- t_sdu->buf = kmalloc(SDU_BUF_SIZE, GFP_ATOMIC);
+ t_sdu->buf = kmalloc(SDU_BUF_SIZE, GFP_KERNEL);
if (!t_sdu->buf) {
kfree(t_sdu);
return NULL;
@@ -183,14 +183,14 @@ static struct usb_rx *alloc_rx_struct(void)
struct usb_rx *r = NULL;
int ret = 0;

- r = kmalloc(sizeof(struct usb_rx), GFP_ATOMIC);
+ r = kmalloc(sizeof(struct usb_rx), GFP_KERNEL);
if (!r) {
ret = -ENOMEM;
goto out;
}

- r->urb = usb_alloc_urb(0, GFP_ATOMIC);
- r->buf = kmalloc(RX_BUF_SIZE, GFP_ATOMIC);
+ r->urb = usb_alloc_urb(0, GFP_KERNEL);
+ r->buf = kmalloc(RX_BUF_SIZE, GFP_KERNEL);
if (!r->urb || !r->buf) {
ret = -ENOMEM;
goto out;
@@ -366,6 +366,7 @@ static int init_usb(struct lte_udev *udev)
INIT_DELAYED_WORK(&udev->work_rx, do_rx);
return 0;
fail:
+ release_usb(udev);
return ret;
}

--
1.9.1