caif: add error handling for allocation
authorDan Carpenter <dan.carpenter@oracle.com>
Tue, 20 Sep 2011 21:21:59 +0000 (21:21 +0000)
committerDavid S. Miller <davem@davemloft.net>
Mon, 3 Oct 2011 17:45:49 +0000 (13:45 -0400)
The allocation of "phyinfo" wasn't checked, and also the allocation
wasn't freed on error paths.  Sjur Brændeland pointed out as well
that "phy_driver" should be freed on the error path too.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/caif/cfcnfg.c

index f07ab8c22224edd0d5fe33fd7ad4ced51b8e1da5..00523ecc4ced75ebaa1059c1eb3e0a324cae182e 100644 (file)
@@ -467,7 +467,7 @@ cfcnfg_add_phy_layer(struct cfcnfg *cnfg, enum cfcnfg_phy_type phy_type,
 {
        struct cflayer *frml;
        struct cflayer *phy_driver = NULL;
-       struct cfcnfg_phyinfo *phyinfo;
+       struct cfcnfg_phyinfo *phyinfo = NULL;
        int i;
        u8 phyid;
 
@@ -482,23 +482,25 @@ cfcnfg_add_phy_layer(struct cfcnfg *cnfg, enum cfcnfg_phy_type phy_type,
                        goto got_phyid;
        }
        pr_warn("Too many CAIF Link Layers (max 6)\n");
-       goto out;
+       goto out_err;
 
 got_phyid:
        phyinfo = kzalloc(sizeof(struct cfcnfg_phyinfo), GFP_ATOMIC);
+       if (!phyinfo)
+               goto out_err;
 
        switch (phy_type) {
        case CFPHYTYPE_FRAG:
                phy_driver =
                    cfserl_create(CFPHYTYPE_FRAG, phyid, stx);
                if (!phy_driver)
-                       goto out;
+                       goto out_err;
                break;
        case CFPHYTYPE_CAIF:
                phy_driver = NULL;
                break;
        default:
-               goto out;
+               goto out_err;
        }
        phy_layer->id = phyid;
        phyinfo->pref = pref;
@@ -512,10 +514,8 @@ got_phyid:
 
        frml = cffrml_create(phyid, fcs);
 
-       if (!frml) {
-               kfree(phyinfo);
-               goto out;
-       }
+       if (!frml)
+               goto out_err;
        phyinfo->frm_layer = frml;
        layer_set_up(frml, cnfg->mux);
 
@@ -531,7 +531,12 @@ got_phyid:
        }
 
        list_add_rcu(&phyinfo->node, &cnfg->phys);
-out:
+       mutex_unlock(&cnfg->lock);
+       return;
+
+out_err:
+       kfree(phy_driver);
+       kfree(phyinfo);
        mutex_unlock(&cnfg->lock);
 }
 EXPORT_SYMBOL(cfcnfg_add_phy_layer);