From: Tom Tucker Date: Thu, 23 Oct 2008 21:33:25 +0000 (-0500) Subject: p9: Fix leak of waitqueue in request allocation path X-Git-Tag: v2.6.28-rc4~30^2~3 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=45abdf1c7be80d6ec3b0b14e59ee75a0d5d9fb37;p=linux-2.6-omap-h63xx.git p9: Fix leak of waitqueue in request allocation path If a T or R fcall cannot be allocated, the function returns an error but neglects to free the wait queue that was successfully allocated. If it comes through again a second time this wq will be overwritten with a new allocation and the old allocation will be leaked. Also, if the client is subsequently closed, the close path will attempt to clean up these allocations, so set the req fields to NULL to avoid duplicate free. Signed-off-by: Tom Tucker Signed-off-by: Eric Van Hensbergen --- diff --git a/net/9p/client.c b/net/9p/client.c index 26ca8ab4519..b56d808e63a 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -189,6 +189,9 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag) printk(KERN_ERR "Couldn't grow tag array\n"); kfree(req->tc); kfree(req->rc); + kfree(req->wq); + req->tc = req->rc = NULL; + req->wq = NULL; return ERR_PTR(-ENOMEM); } req->tc->sdata = (char *) req->tc + sizeof(struct p9_fcall);