releases/2.6.22.2/firewire-fix-memory-leak-of-fw_request-instances.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From stable-bounces@linux.kernel.org Thu Jul 19 00:28:56 2007
 From: Stefan Richter <stefanr@s5r6.in-berlin.de>
 Date: Thu, 19 Jul 2007 09:28:42 +0200 (CEST)
 Subject: firewire: fix memory leak of fw_request instances
 To: stable@kernel.org
 Cc: Kristian Høgsberg <krh@redhat.com>, linux-kernel@vger.kernel.org
 Message-ID: <tkrat.25648a77ea40c9e3@s5r6.in-berlin.de>
 Content-Disposition: INLINE

 From: Stefan Richter <stefanr@s5r6.in-berlin.de>

 Found and debugged by Jay Fenlason <fenlason@redhat.com>.
 The bug was especially noticeable with direct I/O over fw-sbp2.

 Same as commit 9c9bdf4d50730fd04b06077e22d7a83b585f26b5.

 Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
 Signed-off-by: Kristian Høgsberg <krh@redhat.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

 ---
  drivers/firewire/fw-transaction.c |    4 +++-
  drivers/firewire/fw-transaction.h |    4 ++++
  2 files changed, 7 insertions(+), 1 deletion(-)

 --- a/drivers/firewire/fw-transaction.c
 +++ b/drivers/firewire/fw-transaction.c
 @@ -605,8 +605,10 @@ fw_send_response(struct fw_card *card, s
  	 * check is sufficient to ensure we don't send response to
  	 * broadcast packets or posted writes.
  	 */
 -	if (request->ack != ACK_PENDING)
 +	if (request->ack != ACK_PENDING) {
 +		kfree(request);
  		return;
 +	}

  	if (rcode == RCODE_COMPLETE)
  		fw_fill_response(&request->response, request->request_header,
 --- a/drivers/firewire/fw-transaction.h
 +++ b/drivers/firewire/fw-transaction.h
 @@ -124,6 +124,10 @@ typedef void (*fw_transaction_callback_t
  					  size_t length,
  					  void *callback_data);

 +/*
 + * Important note:  The callback must guarantee that either fw_send_response()
 + * or kfree() is called on the @request.
 + */
  typedef void (*fw_address_callback_t)(struct fw_card *card,
  				      struct fw_request *request,
  				      int tcode, int destination, int source,
	From stable-bounces@linux.kernel.org Thu Jul 19 00:28:56 2007
	From: Stefan Richter <stefanr@s5r6.in-berlin.de>
	Date: Thu, 19 Jul 2007 09:28:42 +0200 (CEST)
	Subject: firewire: fix memory leak of fw_request instances
	To: stable@kernel.org
	Cc: Kristian Høgsberg <krh@redhat.com>, linux-kernel@vger.kernel.org
	Message-ID: <tkrat.25648a77ea40c9e3@s5r6.in-berlin.de>
	Content-Disposition: INLINE

	From: Stefan Richter <stefanr@s5r6.in-berlin.de>

	Found and debugged by Jay Fenlason <fenlason@redhat.com>.
	The bug was especially noticeable with direct I/O over fw-sbp2.

	Same as commit 9c9bdf4d50730fd04b06077e22d7a83b585f26b5.

	Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
	Signed-off-by: Kristian Høgsberg <krh@redhat.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

	---
	drivers/firewire/fw-transaction.c \| 4 +++-
	drivers/firewire/fw-transaction.h \| 4 ++++
	2 files changed, 7 insertions(+), 1 deletion(-)

	--- a/drivers/firewire/fw-transaction.c
	+++ b/drivers/firewire/fw-transaction.c
	@@ -605,8 +605,10 @@ fw_send_response(struct fw_card *card, s
	* check is sufficient to ensure we don't send response to
	* broadcast packets or posted writes.
	*/
	- if (request->ack != ACK_PENDING)
	+ if (request->ack != ACK_PENDING) {
	+ kfree(request);
	return;
	+ }

	if (rcode == RCODE_COMPLETE)
	fw_fill_response(&request->response, request->request_header,
	--- a/drivers/firewire/fw-transaction.h
	+++ b/drivers/firewire/fw-transaction.h
	@@ -124,6 +124,10 @@ typedef void (*fw_transaction_callback_t
	size_t length,
	void *callback_data);

	+/*
	+ * Important note: The callback must guarantee that either fw_send_response()
	+ * or kfree() is called on the @request.
	+ */
	typedef void (fw_address_callback_t)(struct fw_card card,
	struct fw_request *request,
	int tcode, int destination, int source,