From 773fe724ab7ca9c32e2411eb2d85ea455e82714e Mon Sep 17 00:00:00 2001 From: Alexey Khoroshilov Date: Mon, 10 Jun 2013 23:29:16 +0400 Subject: [PATCH] staging: ft1000: fix memory leak on error path in ft1000_probe() ft1000dev->tx_urb and ft1000dev->rx_urb are not deallocated if something goes wrong in ft1000_probe(). Also there is no check for success of urb allocation. The patch fixes the both issues. By the way, there is no sense in GFP_ATOMIC for urb allocation here, so it is changed to GFP_KERNEL. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Signed-off-by: Greg Kroah-Hartman --- drivers/staging/ft1000/ft1000-usb/ft1000_usb.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c index 614db55a8171..29a7cd23845d 100644 --- a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c +++ b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c @@ -79,8 +79,12 @@ static int ft1000_probe(struct usb_interface *interface, ft1000dev->dev = dev; ft1000dev->status = 0; ft1000dev->net = NULL; - ft1000dev->tx_urb = usb_alloc_urb(0, GFP_ATOMIC); - ft1000dev->rx_urb = usb_alloc_urb(0, GFP_ATOMIC); + ft1000dev->tx_urb = usb_alloc_urb(0, GFP_KERNEL); + ft1000dev->rx_urb = usb_alloc_urb(0, GFP_KERNEL); + if (!ft1000dev->tx_urb || !ft1000dev->rx_urb) { + ret = -ENOMEM; + goto err_fw; + } DEBUG("ft1000_probe is called\n"); numaltsetting = interface->num_altsetting; @@ -209,6 +213,8 @@ err_thread: err_load: kfree(pFileStart); err_fw: + usb_free_urb(ft1000dev->rx_urb); + usb_free_urb(ft1000dev->tx_urb); kfree(ft1000dev); return ret; } -- 2.20.1