ft1000dev->tx_urb and ft1000dev->rx_urb are not deallocated
if something goes wrong in ft1000_probe(). Also there is no
check for success of urb allocation. The patch fixes the both issues.
By the way, there is no sense in GFP_ATOMIC for urb allocation here,
so it is changed to GFP_KERNEL.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>
---
drivers/staging/ft1000/ft1000-usb/ft1000_usb.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
index 614db55..29a7cd2 100644
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
@@ -79,8 +79,12 @@ static int ft1000_probe(struct usb_interface *interface,
ft1000dev->dev = dev;
ft1000dev->status = 0;
ft1000dev->net = NULL;
- ft1000dev->tx_urb = usb_alloc_urb(0, GFP_ATOMIC);
- ft1000dev->rx_urb = usb_alloc_urb(0, GFP_ATOMIC);
+ ft1000dev->tx_urb = usb_alloc_urb(0, GFP_KERNEL);
+ ft1000dev->rx_urb = usb_alloc_urb(0, GFP_KERNEL);
+ if (!ft1000dev->tx_urb || !ft1000dev->rx_urb) {
+ ret = -ENOMEM;
+ goto err_fw;
+ }
DEBUG("ft1000_probe is called\n");
numaltsetting = interface->num_altsetting;
@@ -209,6 +213,8 @@ err_thread:
err_load:
kfree(pFileStart);
err_fw:
+ usb_free_urb(ft1000dev->rx_urb);
+ usb_free_urb(ft1000dev->tx_urb);
kfree(ft1000dev);
return ret;
}
--
1.8.1.2
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
