Re: [PATCH] staging : rtl8712: Free memory when kmalloc fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 26, 2016 at 12:39 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, Oct 26, 2016 at 12:30:26PM +0530, Souptick Joarder wrote:
>> There are few functions where we need to free previously allocated memory
>> when kmalloc fails. Else it may lead to memory leakage.
>> In  _init_cmd_priv() and _r8712_init_xmit_priv(),in few places we are not
>> freeing previously allocated memory  when kmalloc fails.
>> This patch will address it.
>>
>> Signed-off-by: Souptick joarder <jrdr.linux@xxxxxxxxx>
>> ---
>>  drivers/staging/rtl8712/rtl871x_cmd.c  | 5 ++++-
>>  drivers/staging/rtl8712/rtl871x_xmit.c | 5 ++++-
>>  2 files changed, 8 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/staging/rtl8712/rtl871x_cmd.c b/drivers/staging/rtl8712/rtl871x_cmd.c
>> index b7ee5e6..04638f1 100644
>> --- a/drivers/staging/rtl8712/rtl871x_cmd.c
>> +++ b/drivers/staging/rtl8712/rtl871x_cmd.c
>> @@ -72,8 +72,11 @@ static sint _init_cmd_priv(struct cmd_priv *pcmdpriv)
>>                           ((addr_t)(pcmdpriv->cmd_allocated_buf) &
>>                           (CMDBUFF_ALIGN_SZ - 1));
>>       pcmdpriv->rsp_allocated_buf = kmalloc(MAX_RSPSZ + 4, GFP_ATOMIC);
>> -     if (!pcmdpriv->rsp_allocated_buf)
>> +     if (!pcmdpriv->rsp_allocated_buf) {
>> +             kfree(pcmdpriv->cmd_allocated_buf);
>> +             pcmdpriv->cmd_allocated_buf = NULL;
>
> Why do you have to set this to NULL?

When _init_cmd_priv() fails  r8712_usb_dvobj_deinit() will be called
to during deinit of driver.
 r8712_usb_dvobj_deinit() is not yet implemented.

 pcmdpriv->cmd_allocated_buf is set to NULL when freed. Else after
free pcmdpriv->cmd_allocated_buf still hold some invalid address.
 So during deinit if anyone try to free again, it may lead to  stability issue.

 Correct me if I am wrong.

 Do I need to remove pcmdpriv->cmd_allocated_buf = NULL ?

>
>>               return _FAIL;
>> +     }
>>       pcmdpriv->rsp_buf = pcmdpriv->rsp_allocated_buf  +  4 -
>>                           ((addr_t)(pcmdpriv->rsp_allocated_buf) & 3);
>>       pcmdpriv->cmd_issued_cnt = 0;
>> diff --git a/drivers/staging/rtl8712/rtl871x_xmit.c b/drivers/staging/rtl8712/rtl871x_xmit.c
>> index be38364..484d2f2 100644
>> --- a/drivers/staging/rtl8712/rtl871x_xmit.c
>> +++ b/drivers/staging/rtl8712/rtl871x_xmit.c
>> @@ -128,8 +128,11 @@ sint _r8712_init_xmit_priv(struct xmit_priv *pxmitpriv,
>>       _init_queue(&pxmitpriv->pending_xmitbuf_queue);
>>       pxmitpriv->pallocated_xmitbuf = kmalloc(NR_XMITBUFF * sizeof(struct xmit_buf) + 4,
>>                                               GFP_ATOMIC);
>> -     if (!pxmitpriv->pallocated_xmitbuf)
>> +     if (!pxmitpriv->pallocated_xmitbuf) {
>> +             kfree(pxmitpriv->pallocated_frame_buf);
>> +             pxmitpriv->pallocated_frame_buf = NULL;
>
> Same here, why set to NULL?  What code relies on this?
>
same here.

Do I need to remove pxmitpriv->pallocated_frame_buf = NULL ?

> thanks,
>
> greg k-h
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel



[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux