| From stable-bounces@linux.kernel.org Thu Jul 19 00:28:56 2007 |
| From: Stefan Richter <stefanr@s5r6.in-berlin.de> |
| Date: Thu, 19 Jul 2007 09:28:42 +0200 (CEST) |
| Subject: firewire: fix memory leak of fw_request instances |
| To: stable@kernel.org |
| Cc: Kristian Høgsberg <krh@redhat.com>, linux-kernel@vger.kernel.org |
| Message-ID: <tkrat.25648a77ea40c9e3@s5r6.in-berlin.de> |
| Content-Disposition: INLINE |
| |
| From: Stefan Richter <stefanr@s5r6.in-berlin.de> |
| |
| Found and debugged by Jay Fenlason <fenlason@redhat.com>. |
| The bug was especially noticeable with direct I/O over fw-sbp2. |
| |
| Same as commit 9c9bdf4d50730fd04b06077e22d7a83b585f26b5. |
| |
| Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> |
| Signed-off-by: Kristian Høgsberg <krh@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/firewire/fw-transaction.c | 4 +++- |
| drivers/firewire/fw-transaction.h | 4 ++++ |
| 2 files changed, 7 insertions(+), 1 deletion(-) |
| |
| --- a/drivers/firewire/fw-transaction.c |
| +++ b/drivers/firewire/fw-transaction.c |
| @@ -605,8 +605,10 @@ fw_send_response(struct fw_card *card, s |
| * check is sufficient to ensure we don't send response to |
| * broadcast packets or posted writes. |
| */ |
| - if (request->ack != ACK_PENDING) |
| + if (request->ack != ACK_PENDING) { |
| + kfree(request); |
| return; |
| + } |
| |
| if (rcode == RCODE_COMPLETE) |
| fw_fill_response(&request->response, request->request_header, |
| --- a/drivers/firewire/fw-transaction.h |
| +++ b/drivers/firewire/fw-transaction.h |
| @@ -124,6 +124,10 @@ typedef void (*fw_transaction_callback_t |
| size_t length, |
| void *callback_data); |
| |
| +/* |
| + * Important note: The callback must guarantee that either fw_send_response() |
| + * or kfree() is called on the @request. |
| + */ |
| typedef void (*fw_address_callback_t)(struct fw_card *card, |
| struct fw_request *request, |
| int tcode, int destination, int source, |