projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a9c1743)
usb: chipidea: udc: fix memory leak in _ep_nuke
authorMichael Grzeschik <m.grzeschik@pengutronix.de>
Thu, 4 Apr 2013 10:13:47 +0000 (13:13 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 5 Apr 2013 21:09:12 +0000 (14:09 -0700)
In hardware_enqueue code adds one extra td with dma_pool_alloc if
mReq->req.zero is true. When _ep_nuke will be called for that endpoint,
dma_pool_free will not be called to free that memory again. That patch
fixes this.

Cc: stable <stable@vger.kernel.org> # v3.5
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/chipidea/udc.c patch | blob | blame | history

diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
index b4cac44ce26c5f079700531c437690fa68e477cd..3d90e61897316be686147ee5d62d8d959532b0bb 100644 (file)
--- a/drivers/usb/chipidea/udc.c
+++ b/drivers/usb/chipidea/udc.c
@@ -540,6 +540,12 @@ __acquires(mEp->lock)
                struct ci13xxx_req *mReq = \
                        list_entry(mEp->qh.queue.next,
                                   struct ci13xxx_req, queue);
+
+               if (mReq->zptr) {
+                       dma_pool_free(mEp->td_pool, mReq->zptr, mReq->zdma);
+                       mReq->zptr = NULL;
+               }
+
                list_del_init(&mReq->queue);
                mReq->req.status = -ESHUTDOWN;