On Wed, Oct 26, 2016 at 12:39 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > On Wed, Oct 26, 2016 at 12:30:26PM +0530, Souptick Joarder wrote: >> There are few functions where we need to free previously allocated memory >> when kmalloc fails. Else it may lead to memory leakage. >> In _init_cmd_priv() and _r8712_init_xmit_priv(),in few places we are not >> freeing previously allocated memory when kmalloc fails. >> This patch will address it. >> >> Signed-off-by: Souptick joarder <jrdr.linux@xxxxxxxxx> >> --- >> drivers/staging/rtl8712/rtl871x_cmd.c | 5 ++++- >> drivers/staging/rtl8712/rtl871x_xmit.c | 5 ++++- >> 2 files changed, 8 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/staging/rtl8712/rtl871x_cmd.c b/drivers/staging/rtl8712/rtl871x_cmd.c >> index b7ee5e6..04638f1 100644 >> --- a/drivers/staging/rtl8712/rtl871x_cmd.c >> +++ b/drivers/staging/rtl8712/rtl871x_cmd.c >> @@ -72,8 +72,11 @@ static sint _init_cmd_priv(struct cmd_priv *pcmdpriv) >> ((addr_t)(pcmdpriv->cmd_allocated_buf) & >> (CMDBUFF_ALIGN_SZ - 1)); >> pcmdpriv->rsp_allocated_buf = kmalloc(MAX_RSPSZ + 4, GFP_ATOMIC); >> - if (!pcmdpriv->rsp_allocated_buf) >> + if (!pcmdpriv->rsp_allocated_buf) { >> + kfree(pcmdpriv->cmd_allocated_buf); >> + pcmdpriv->cmd_allocated_buf = NULL; > > Why do you have to set this to NULL? When _init_cmd_priv() fails, r8712_usb_dvobj_deinit() will be called during deinit of the driver. r8712_usb_dvobj_deinit() is not yet implemented. pcmdpriv->cmd_allocated_buf is set to NULL when freed. Else, after the free, pcmdpriv->cmd_allocated_buf still holds some invalid address. So during deinit, if anyone tries to free it again, it may lead to a stability issue. Correct me if I am wrong. Do I need to remove pcmdpriv->cmd_allocated_buf = NULL? > >> return _FAIL; >> + } >> pcmdpriv->rsp_buf = pcmdpriv->rsp_allocated_buf + 4 - >> ((addr_t)(pcmdpriv->rsp_allocated_buf) & 3); >> pcmdpriv->cmd_issued_cnt = 0;
>> diff --git a/drivers/staging/rtl8712/rtl871x_xmit.c b/drivers/staging/rtl8712/rtl871x_xmit.c >> index be38364..484d2f2 100644 >> --- a/drivers/staging/rtl8712/rtl871x_xmit.c >> +++ b/drivers/staging/rtl8712/rtl871x_xmit.c >> @@ -128,8 +128,11 @@ sint _r8712_init_xmit_priv(struct xmit_priv *pxmitpriv, >> _init_queue(&pxmitpriv->pending_xmitbuf_queue); >> pxmitpriv->pallocated_xmitbuf = kmalloc(NR_XMITBUFF * sizeof(struct xmit_buf) + 4, >> GFP_ATOMIC); >> - if (!pxmitpriv->pallocated_xmitbuf) >> + if (!pxmitpriv->pallocated_xmitbuf) { >> + kfree(pxmitpriv->pallocated_frame_buf); >> + pxmitpriv->pallocated_frame_buf = NULL; > > Same here, why set to NULL? What code relies on this? > Same here. Do I need to remove pxmitpriv->pallocated_frame_buf = NULL? > thanks, > > greg k-h
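Review bot: in the new failure branch of _init_cmd_priv() (rtl871x_cmd.c hunk), clearing only pcmdpriv->cmd_allocated_buf leaves the aligned pointer that the context lines just above derive from it, via "(addr_t)(pcmdpriv->cmd_allocated_buf) & (CMDBUFF_ALIGN_SZ - 1)", still pointing into the freed buffer. If the NULL is there so that a later kfree() in a teardown path is harmless (kfree(NULL) is a no-op), clear the derived pointer in the same branch too, so nothing can dereference freed memory through it. If no path touches either field after _FAIL is returned, drop the assignment and keep only the kfree().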
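Review bot: the changelog does not name the caller or cleanup path that reads pxmitpriv->pallocated_frame_buf after _r8712_init_xmit_priv() returns failure (rtl871x_xmit.c hunk), so the need for "pxmitpriv->pallocated_frame_buf = NULL;" cannot be judged from the patch. State that path in the commit message, or drop the assignment. The allocation of pallocated_frame_buf is outside the visible context, so please also confirm that the field is always either a live allocation or NULL when this branch runs, since the added kfree() is only safe in those two cases.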