Commit 2978af54 authored by Jesper Juhl's avatar Jesper Juhl Committed by Rafael J. Wysocki

ACPI: Fix memory leak in acpi_bind_one()

Memory is allocated with kzalloc() and assigned to
'physical_node'. Then 'physical_node->node_id' is initialized with a
call to 'find_first_zero_bit()', if that results in a value greater
than ACPI_MAX_PHYSICAL_NODE we'll end up jumping to the 'err:' label
and there leave the function and let 'physical_node' go out of scope
and leak the memory we allocated.
This patch fixes the leak by simply freeing the unused/unneeded memory
pointed to by 'physical_node' just before we jump to 'err:'.

[rjw: The problem has been introduced by commit 1033f904 (ACPI: Allow
 ACPI binding with USB-3.0 hub), which is new in 3.7-rc.]
Signed-off-by: default avatarJesper Juhl <jj@chaosbits.net>
Reviewed-by: default avatarToshi Kani <toshi.kani@hp.com>
Reviewed-by: default avatarYasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
Acked-by: default avatarDavid Rientjes <rientjes@google.com>
Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
parent 6f0c0580
......@@ -159,6 +159,7 @@ static int acpi_bind_one(struct device *dev, acpi_handle handle)
if (physical_node->node_id >= ACPI_MAX_PHYSICAL_NODE) {
retval = -ENOSPC;
mutex_unlock(&acpi_dev->physical_node_lock);
kfree(physical_node);
goto err;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment