[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20121026000035.055477377@linuxfoundation.org>
Date: Thu, 25 Oct 2012 17:05:57 -0700
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
alan@...rguk.ukuu.org.uk, Johan Hovold <jhovold@...il.com>
Subject: [ 39/85] USB: ti_usb_3410_5052: fix port-data memory leak
3.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <jhovold@...il.com>
commit 51ef847df74632e7cfdf952afc3887de105b8b35 upstream.
Fix port-data memory leak by moving port data allocation and
deallocation to port_probe and port_remove.
Since commit 0998d0631001288 (device-core: Ensure drvdata = NULL when no
driver is bound) the port private data is no longer freed at release as
it is no longer accessible.
Compile-only tested.
Signed-off-by: Johan Hovold <jhovold@...il.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
drivers/usb/serial/ti_usb_3410_5052.c | 88 ++++++++++++++++------------------
1 file changed, 43 insertions(+), 45 deletions(-)
--- a/drivers/usb/serial/ti_usb_3410_5052.c
+++ b/drivers/usb/serial/ti_usb_3410_5052.c
@@ -98,6 +98,8 @@ struct ti_device {
static int ti_startup(struct usb_serial *serial);
static void ti_release(struct usb_serial *serial);
+static int ti_port_probe(struct usb_serial_port *port);
+static int ti_port_remove(struct usb_serial_port *port);
static int ti_open(struct tty_struct *tty, struct usb_serial_port *port);
static void ti_close(struct usb_serial_port *port);
static int ti_write(struct tty_struct *tty, struct usb_serial_port *port,
@@ -223,6 +225,8 @@ static struct usb_serial_driver ti_1port
.num_ports = 1,
.attach = ti_startup,
.release = ti_release,
+ .port_probe = ti_port_probe,
+ .port_remove = ti_port_remove,
.open = ti_open,
.close = ti_close,
.write = ti_write,
@@ -251,6 +255,8 @@ static struct usb_serial_driver ti_2port
.num_ports = 2,
.attach = ti_startup,
.release = ti_release,
+ .port_probe = ti_port_probe,
+ .port_remove = ti_port_remove,
.open = ti_open,
.close = ti_close,
.write = ti_write,
@@ -358,11 +364,8 @@ module_exit(ti_exit);
static int ti_startup(struct usb_serial *serial)
{
struct ti_device *tdev;
- struct ti_port *tport;
struct usb_device *dev = serial->dev;
int status;
- int i;
-
dbg("%s - product 0x%4X, num configurations %d, configuration value %d",
__func__, le16_to_cpu(dev->descriptor.idProduct),
@@ -409,42 +412,8 @@ static int ti_startup(struct usb_serial
goto free_tdev;
}
- /* set up port structures */
- for (i = 0; i < serial->num_ports; ++i) {
- tport = kzalloc(sizeof(struct ti_port), GFP_KERNEL);
- if (tport == NULL) {
- dev_err(&dev->dev, "%s - out of memory\n", __func__);
- status = -ENOMEM;
- goto free_tports;
- }
- spin_lock_init(&tport->tp_lock);
- tport->tp_uart_base_addr = (i == 0 ?
- TI_UART1_BASE_ADDR : TI_UART2_BASE_ADDR);
- tport->tp_closing_wait = closing_wait;
- init_waitqueue_head(&tport->tp_msr_wait);
- init_waitqueue_head(&tport->tp_write_wait);
- if (kfifo_alloc(&tport->write_fifo, TI_WRITE_BUF_SIZE,
- GFP_KERNEL)) {
- dev_err(&dev->dev, "%s - out of memory\n", __func__);
- kfree(tport);
- status = -ENOMEM;
- goto free_tports;
- }
- tport->tp_port = serial->port[i];
- tport->tp_tdev = tdev;
- usb_set_serial_port_data(serial->port[i], tport);
- tport->tp_uart_mode = 0; /* default is RS232 */
- }
-
return 0;
-free_tports:
- for (--i; i >= 0; --i) {
- tport = usb_get_serial_port_data(serial->port[i]);
- kfifo_free(&tport->write_fifo);
- kfree(tport);
- usb_set_serial_port_data(serial->port[i], NULL);
- }
free_tdev:
kfree(tdev);
usb_set_serial_data(serial, NULL);
@@ -454,21 +423,50 @@ free_tdev:
static void ti_release(struct usb_serial *serial)
{
- int i;
struct ti_device *tdev = usb_get_serial_data(serial);
+
+ kfree(tdev);
+}
+
+static int ti_port_probe(struct usb_serial_port *port)
+{
struct ti_port *tport;
- for (i = 0; i < serial->num_ports; ++i) {
- tport = usb_get_serial_port_data(serial->port[i]);
- if (tport) {
- kfifo_free(&tport->write_fifo);
- kfree(tport);
- }
+ tport = kzalloc(sizeof(*tport), GFP_KERNEL);
+ if (!tport)
+ return -ENOMEM;
+
+ spin_lock_init(&tport->tp_lock);
+ if (port == port->serial->port[0])
+ tport->tp_uart_base_addr = TI_UART1_BASE_ADDR;
+ else
+ tport->tp_uart_base_addr = TI_UART2_BASE_ADDR;
+ tport->tp_closing_wait = closing_wait;
+ init_waitqueue_head(&tport->tp_msr_wait);
+ init_waitqueue_head(&tport->tp_write_wait);
+ if (kfifo_alloc(&tport->write_fifo, TI_WRITE_BUF_SIZE, GFP_KERNEL)) {
+ kfree(tport);
+ return -ENOMEM;
}
+ tport->tp_port = port;
+ tport->tp_tdev = usb_get_serial_data(port->serial);
+ tport->tp_uart_mode = 0; /* default is RS232 */
- kfree(tdev);
+ usb_set_serial_port_data(port, tport);
+
+ return 0;
}
+static int ti_port_remove(struct usb_serial_port *port)
+{
+ struct ti_port *tport;
+
+ tport = usb_get_serial_port_data(port);
+ kfifo_free(&tport->write_fifo);
+ kfree(tport);
+
+ return 0;
+}
static int ti_open(struct tty_struct *tty, struct usb_serial_port *port)
{
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists