p9: Fix leak of waitqueue in request allocation path
authorTom Tucker <tom@opengridcomputing.com>
Thu, 23 Oct 2008 21:33:25 +0000 (16:33 -0500)
committerEric Van Hensbergen <ericvh@gmail.com>
Wed, 5 Nov 2008 19:19:06 +0000 (13:19 -0600)
If a T or R fcall cannot be allocated, the function returns an error
but neglects to free the wait queue that was successfully allocated.

If it comes through again a second time this wq will be overwritten
with a new allocation and the old allocation will be leaked.

Also, if the client is subsequently closed, the close path will
attempt to clean up these allocations, so set the req fields to
NULL to avoid duplicate free.

Signed-off-by: Tom Tucker <tom@opengridcomputing.com>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
net/9p/client.c

index 26ca8ab451966b1e11a6914e106815f0b844b7e2..b56d808e63a98505b3e448f10351726a789c93a0 100644 (file)
@@ -189,6 +189,9 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag)
                        printk(KERN_ERR "Couldn't grow tag array\n");
                        kfree(req->tc);
                        kfree(req->rc);
+                       kfree(req->wq);
+                       req->tc = req->rc = NULL;
+                       req->wq = NULL;
                        return ERR_PTR(-ENOMEM);
                }
                req->tc->sdata = (char *) req->tc + sizeof(struct p9_fcall);