firewire: fix memory leak of fw_request instances
authorStefan Richter <stefanr@s5r6.in-berlin.de>
Tue, 17 Jul 2007 00:15:36 +0000 (02:15 +0200)
committerStefan Richter <stefanr@s5r6.in-berlin.de>
Wed, 18 Jul 2007 21:53:28 +0000 (23:53 +0200)
Found and debugged by Jay Fenlason <fenlason@redhat.com>.
The bug was especially noticeable with direct I/O over fw-sbp2.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
drivers/firewire/fw-transaction.c
drivers/firewire/fw-transaction.h

index c4b3417a5dac47ec43944262b2518c1ef636a638..3ce8e2fbe15fc3d84fb6be6cf8b73cdcc195ac2c 100644 (file)
@@ -605,8 +605,10 @@ fw_send_response(struct fw_card *card, struct fw_request *request, int rcode)
         * check is sufficient to ensure we don't send response to
         * broadcast packets or posted writes.
         */
-       if (request->ack != ACK_PENDING)
+       if (request->ack != ACK_PENDING) {
+               kfree(request);
                return;
+       }
 
        if (rcode == RCODE_COMPLETE)
                fw_fill_response(&request->response, request->request_header,
index 5abed193f4a65deb8c6ab3f27355a03a9d3092e8..5ceaccd10564cbfd7623757ba351e8490d542fe7 100644 (file)
@@ -123,6 +123,10 @@ typedef void (*fw_transaction_callback_t)(struct fw_card *card, int rcode,
                                          size_t length,
                                          void *callback_data);
 
+/*
+ * Important note:  The callback must guarantee that either fw_send_response()
+ * or kfree() is called on the @request.
+ */
 typedef void (*fw_address_callback_t)(struct fw_card *card,
                                      struct fw_request *request,
                                      int tcode, int destination, int source,