| From 9374e24c9fd09b09da15d62924eaf2d0e6ccf2f7 Mon Sep 17 00:00:00 2001 |
| From: Wenwen Wang <wenwen@cs.uga.edu> |
| Date: Sat, 25 Jan 2020 14:33:29 +0000 |
| Subject: [PATCH] firestream: fix memory leaks |
| |
| commit fa865ba183d61c1ec8cbcab8573159c3b72b89a4 upstream. |
| |
| In fs_open(), 'vcc' is allocated through kmalloc() and assigned to |
| 'atm_vcc->dev_data.' In the following execution, if an error occurs, e.g., |
| there is no more free channel, an error code EBUSY or ENOMEM will be |
| returned. However, 'vcc' is not deallocated, leading to memory leaks. Note |
| that, in normal cases where fs_open() returns 0, 'vcc' will be deallocated |
| in fs_close(). But, if fs_open() fails, there is no guarantee that |
| fs_close() will be invoked. |
| |
| To fix this issue, deallocate 'vcc' before the error code is returned. |
| |
| Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c |
| index 2bbab0230aeb..d287837ed755 100644 |
| --- a/drivers/atm/firestream.c |
| +++ b/drivers/atm/firestream.c |
| @@ -912,6 +912,7 @@ static int fs_open(struct atm_vcc *atm_vcc) |
| } |
| if (!to) { |
| printk ("No more free channels for FS50..\n"); |
| + kfree(vcc); |
| return -EBUSY; |
| } |
| vcc->channo = dev->channo; |
| @@ -922,6 +923,7 @@ static int fs_open(struct atm_vcc *atm_vcc) |
| if (((DO_DIRECTION(rxtp) && dev->atm_vccs[vcc->channo])) || |
| ( DO_DIRECTION(txtp) && test_bit (vcc->channo, dev->tx_inuse))) { |
| printk ("Channel is in use for FS155.\n"); |
| + kfree(vcc); |
| return -EBUSY; |
| } |
| } |
| @@ -935,6 +937,7 @@ static int fs_open(struct atm_vcc *atm_vcc) |
| tc, sizeof (struct fs_transmit_config)); |
| if (!tc) { |
| fs_dprintk (FS_DEBUG_OPEN, "fs: can't alloc transmit_config.\n"); |
| + kfree(vcc); |
| return -ENOMEM; |
| } |
| |
| -- |
| 2.7.4 |
| |
