usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()

[ Upstream commit 7e271f42a5cc3768cd2622b929ba66859ae21f97 ]

xhci_alloc_stream_info() allocates stream context array for stream_info
->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs,
stream_info->stream_ctx_array is not released, which will lead to a
memory leak.

We can fix it by releasing the stream_info->stream_ctx_array with
xhci_free_stream_ctx() on the error path to avoid the potential memory
leak.

Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220921123450.671459-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index e930e2777c875676cd84b1f0de9cba8b7deccec1..ae724460c8f213bab2a1b737a25be66429255719 100644 (file)
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -657,7 +657,7 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
                        num_stream_ctxs, &stream_info->ctx_array_dma,
                        mem_flags);
        if (!stream_info->stream_ctx_array)
-               goto cleanup_ctx;
+               goto cleanup_ring_array;
        memset(stream_info->stream_ctx_array, 0,
                        sizeof(struct xhci_stream_ctx)*num_stream_ctxs);
 
@@ -718,6 +718,11 @@ cleanup_rings:
        }
        xhci_free_command(xhci, stream_info->free_streams_command);
 cleanup_ctx:
+       xhci_free_stream_ctx(xhci,
+               stream_info->num_stream_ctxs,
+               stream_info->stream_ctx_array,
+               stream_info->ctx_array_dma);
+cleanup_ring_array:
        kfree(stream_info->stream_rings);
 cleanup_info:
        kfree(stream_info);