cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom

commit d03d1021da6fe7f46efe9f2a7335564e7c9db5ab upstream.

The fields, "toc" and "cd_info", of "struct gdrom_unit gd" are allocated
in "probe_gdrom()". Prevent a memory leak by making sure "gd.cd_info" is
deallocated in the "remove_gdrom()" function.

Also prevent double free of the field "gd.toc" by moving it from the
module's exit function to "remove_gdrom()". This is because, in
"probe_gdrom()", the function makes sure to deallocate "gd.toc" in case
of any errors, so the exit function invoked later would again free
"gd.toc".

The patch also maintains consistency by deallocating the above mentioned
fields in "remove_gdrom()" along with another memory allocated field
"gd.disk".

Suggested-by: Jens Axboe <axboe@kernel.dk>
Cc: Peter Rosin <peda@axentia.se>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Atul Gopinathan <atulgopinathan@gmail.com>
Link: https://lore.kernel.org/r/20210503115736.2104747-28-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
index ae3a7537cf0fbce1f85d76446f3f2ca2087b151a..d0325d2c9071ce19c914e127ff6f33b4e5c2fe67 100644 (file)
--- a/drivers/cdrom/gdrom.c
+++ b/drivers/cdrom/gdrom.c
@@ -857,6 +857,8 @@ static int remove_gdrom(struct platform_device *devptr)
        if (gdrom_major)
                unregister_blkdev(gdrom_major, GDROM_DEV_NAME);
        unregister_cdrom(gd.cd_info);
+       kfree(gd.cd_info);
+       kfree(gd.toc);
 
        return 0;
 }
@@ -888,7 +890,6 @@ static void __exit exit_gdrom(void)
 {
        platform_device_unregister(pd);
        platform_driver_unregister(&gdrom_driver);
-       kfree(gd.toc);
 }
 
 module_init(init_gdrom);