projects / platform / kernel / linux-rpi3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d2d9307)
USB: rio500: fix memory leak in close after disconnect
authorOliver Neukum <oneukum@suse.com>
Thu, 9 May 2019 09:30:59 +0000 (11:30 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 9 Jun 2019 07:17:12 +0000 (09:17 +0200)
commit e0feb73428b69322dd5caae90b0207de369b5575 upstream.

If a disconnected device is closed, rio_close() must free
the buffers.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/misc/rio500.c patch | blob | history

diff --git a/drivers/usb/misc/rio500.c b/drivers/usb/misc/rio500.c
index 1d397d9..a32d61a 100644 (file)
--- a/drivers/usb/misc/rio500.c
+++ b/drivers/usb/misc/rio500.c
@@ -86,9 +86,22 @@ static int close_rio(struct inode *inode, struct file *file)
 {
        struct rio_usb_data *rio = &rio_instance;
 
-       rio->isopen = 0;
+       /* against disconnect() */
+       mutex_lock(&rio500_mutex);
+       mutex_lock(&(rio->lock));
 
-       dev_info(&rio->rio_dev->dev, "Rio closed.\n");
+       rio->isopen = 0;
+       if (!rio->present) {
+               /* cleanup has been delayed */
+               kfree(rio->ibuf);
+               kfree(rio->obuf);
+               rio->ibuf = NULL;
+               rio->obuf = NULL;
+       } else {
+               dev_info(&rio->rio_dev->dev, "Rio closed.\n");
+       }
+       mutex_unlock(&(rio->lock));
+       mutex_unlock(&rio500_mutex);
        return 0;
 }
 
Domain: System / Kernel; Licenses: GPL-2.0;