usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()

xhci_alloc_stream_info() allocates stream context array for stream_info
->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs,
stream_info->stream_ctx_array is not released, which will lead to a
memory leak.

We can fix it by releasing the stream_info->stream_ctx_array with
xhci_free_stream_ctx() on the error path to avoid the potential memory
leak.

Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220921123450.671459-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 8c19e15..9e56aa2 100644 (file)
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -641,7 +641,7 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
                        num_stream_ctxs, &stream_info->ctx_array_dma,
                        mem_flags);
        if (!stream_info->stream_ctx_array)
-               goto cleanup_ctx;
+               goto cleanup_ring_array;
        memset(stream_info->stream_ctx_array, 0,
                        sizeof(struct xhci_stream_ctx)*num_stream_ctxs);
 
@@ -702,6 +702,11 @@ cleanup_rings:
        }
        xhci_free_command(xhci, stream_info->free_streams_command);
 cleanup_ctx:
+       xhci_free_stream_ctx(xhci,
+               stream_info->num_stream_ctxs,
+               stream_info->stream_ctx_array,
+               stream_info->ctx_array_dma);
+cleanup_ring_array:
        kfree(stream_info->stream_rings);
 cleanup_info:
        kfree(stream_info);