From: Ian Abbott Date: Mon, 7 Oct 2013 14:51:58 +0000 (+0100) Subject: staging: comedi: avoid memleak for subdevice private X-Git-Tag: v3.12.2~90 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=adf0c46683b2c5b3ba261b21b68ad6e6b7592b89;p=kernel%2Fkernel-generic.git staging: comedi: avoid memleak for subdevice private commit 67aa4acbc97f6a55b328e4e2305ef19cbe949d85 upstream. `comedi_alloc_spriv()` allocates private storage for a comedi subdevice and sets the `SRF_FREE_SPRIV` flag in the `runflags` member of the subdevice to allow the private storage to be automatically freed when the comedi device is being cleaned up. Unfortunately, the flag gets clobbered by `do_cmd_ioctl()` which calls `comedi_set_subdevice_runflags()` with a mask value `~0` and only the `SRF_USER` and `SRF_RUNNING` flags set, all the other SRF flags being cleared. Change the calls to `comedi_set_subdevice_runflags()` that currently use a mask value of `~0` to use a more relevant mask value. For `do_cmd_ioctl()`, the relevant SRF flags are `SRF_USER`, `SRF_ERROR` and `SRF_RUNNING`. (At one time, `SRF_RT` would be included in that set of flags, but it is no longer used.) For `comedi_alloc_spriv()` replace the call to `comedi_set_subdevice_runflags()` with a simple OR-assignment to avoid unnecessary use of a spin-lock. Signed-off-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c index 1636c7c..a3af469 100644 --- a/drivers/staging/comedi/comedi_fops.c +++ b/drivers/staging/comedi/comedi_fops.c @@ -543,7 +543,7 @@ void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size) { s->private = kzalloc(size, GFP_KERNEL); if (s->private) - comedi_set_subdevice_runflags(s, ~0, SRF_FREE_SPRIV); + s->runflags |= SRF_FREE_SPRIV; return s->private; } EXPORT_SYMBOL_GPL(comedi_alloc_spriv); @@ -1485,7 +1485,8 @@ static int do_cmd_ioctl(struct comedi_device *dev, if (async->cmd.flags & TRIG_WAKE_EOS) async->cb_mask |= COMEDI_CB_EOS; - comedi_set_subdevice_runflags(s, ~0, SRF_USER | SRF_RUNNING); + comedi_set_subdevice_runflags(s, SRF_USER | SRF_ERROR | SRF_RUNNING, + SRF_USER | SRF_RUNNING); /* set s->busy _after_ setting SRF_RUNNING flag to avoid race with * comedi_read() or comedi_write() */