forked from Minki/linux
mei: nfc: fix memory leak in error path
NFC will leak buffer if send failed. Use single exit point that does the freeing Cc: stable@vger.kernel.org #3.10+ Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
73ab423238
commit
8e8248b136
@ -342,9 +342,10 @@ static int mei_nfc_send(struct mei_cl_device *cldev, u8 *buf, size_t length)
|
||||
ndev = (struct mei_nfc_dev *) cldev->priv_data;
|
||||
dev = ndev->cl->dev;
|
||||
|
||||
err = -ENOMEM;
|
||||
mei_buf = kzalloc(length + MEI_NFC_HEADER_SIZE, GFP_KERNEL);
|
||||
if (!mei_buf)
|
||||
return -ENOMEM;
|
||||
goto out;
|
||||
|
||||
hdr = (struct mei_nfc_hci_hdr *) mei_buf;
|
||||
hdr->cmd = MEI_NFC_CMD_HCI_SEND;
|
||||
@ -354,12 +355,9 @@ static int mei_nfc_send(struct mei_cl_device *cldev, u8 *buf, size_t length)
|
||||
hdr->data_size = length;
|
||||
|
||||
memcpy(mei_buf + MEI_NFC_HEADER_SIZE, buf, length);
|
||||
|
||||
err = __mei_cl_send(ndev->cl, mei_buf, length + MEI_NFC_HEADER_SIZE);
|
||||
if (err < 0)
|
||||
return err;
|
||||
|
||||
kfree(mei_buf);
|
||||
goto out;
|
||||
|
||||
if (!wait_event_interruptible_timeout(ndev->send_wq,
|
||||
ndev->recv_req_id == ndev->req_id, HZ)) {
|
||||
@ -368,7 +366,8 @@ static int mei_nfc_send(struct mei_cl_device *cldev, u8 *buf, size_t length)
|
||||
} else {
|
||||
ndev->req_id++;
|
||||
}
|
||||
|
||||
out:
|
||||
kfree(mei_buf);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user