Commit b9e00088 authored by Michal Nazarewicz's avatar Michal Nazarewicz Committed by Greg Kroah-Hartman

USB: gadget: f_mass_storage: fix in error recovery

In to places in fsg_common_init() an unconditional call to kfree()
on common was performed in error recovery which is not a valid
behaviour since fsg_common structure is not always allocated by
fsg_common_init().

To fix, the calls has been replaced with a goto to a proper error
recovery which does the correct thing.

Also, refactored fsg_common_release() function.
Signed-off-by: default avatarMichal Nazarewicz <mina86@mina86.com>
Reviewed-by: default avatarViral Mehta <viral.mehta@lntinfotech.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent f537da68
...@@ -2742,10 +2742,8 @@ static struct fsg_common *fsg_common_init(struct fsg_common *common, ...@@ -2742,10 +2742,8 @@ static struct fsg_common *fsg_common_init(struct fsg_common *common,
/* Maybe allocate device-global string IDs, and patch descriptors */ /* Maybe allocate device-global string IDs, and patch descriptors */
if (fsg_strings[FSG_STRING_INTERFACE].id == 0) { if (fsg_strings[FSG_STRING_INTERFACE].id == 0) {
rc = usb_string_id(cdev); rc = usb_string_id(cdev);
if (rc < 0) { if (unlikely(rc < 0))
kfree(common); goto error_release;
return ERR_PTR(rc);
}
fsg_strings[FSG_STRING_INTERFACE].id = rc; fsg_strings[FSG_STRING_INTERFACE].id = rc;
fsg_intf_desc.iInterface = rc; fsg_intf_desc.iInterface = rc;
} }
...@@ -2753,9 +2751,9 @@ static struct fsg_common *fsg_common_init(struct fsg_common *common, ...@@ -2753,9 +2751,9 @@ static struct fsg_common *fsg_common_init(struct fsg_common *common,
/* Create the LUNs, open their backing files, and register the /* Create the LUNs, open their backing files, and register the
* LUN devices in sysfs. */ * LUN devices in sysfs. */
curlun = kzalloc(nluns * sizeof *curlun, GFP_KERNEL); curlun = kzalloc(nluns * sizeof *curlun, GFP_KERNEL);
if (!curlun) { if (unlikely(!curlun)) {
kfree(common); rc = -ENOMEM;
return ERR_PTR(-ENOMEM); goto error_release;
} }
common->luns = curlun; common->luns = curlun;
...@@ -2914,11 +2912,7 @@ static struct fsg_common *fsg_common_init(struct fsg_common *common, ...@@ -2914,11 +2912,7 @@ static struct fsg_common *fsg_common_init(struct fsg_common *common,
static void fsg_common_release(struct kref *ref) static void fsg_common_release(struct kref *ref)
{ {
struct fsg_common *common = struct fsg_common *common = container_of(ref, struct fsg_common, ref);
container_of(ref, struct fsg_common, ref);
unsigned i = common->nluns;
struct fsg_lun *lun = common->luns;
struct fsg_buffhd *bh;
/* If the thread isn't already dead, tell it to exit now */ /* If the thread isn't already dead, tell it to exit now */
if (common->state != FSG_STATE_TERMINATED) { if (common->state != FSG_STATE_TERMINATED) {
...@@ -2929,9 +2923,11 @@ static void fsg_common_release(struct kref *ref) ...@@ -2929,9 +2923,11 @@ static void fsg_common_release(struct kref *ref)
complete(&common->thread_notifier); complete(&common->thread_notifier);
} }
/* Beware tempting for -> do-while optimization: when in error if (likely(common->luns)) {
* recovery nluns may be zero. */ struct fsg_lun *lun = common->luns;
unsigned i = common->nluns;
/* In error recovery common->nluns may be zero. */
for (; i; --i, ++lun) { for (; i; --i, ++lun) {
device_remove_file(&lun->dev, &dev_attr_ro); device_remove_file(&lun->dev, &dev_attr_ro);
device_remove_file(&lun->dev, &dev_attr_file); device_remove_file(&lun->dev, &dev_attr_file);
...@@ -2940,12 +2936,15 @@ static void fsg_common_release(struct kref *ref) ...@@ -2940,12 +2936,15 @@ static void fsg_common_release(struct kref *ref)
} }
kfree(common->luns); kfree(common->luns);
}
i = FSG_NUM_BUFFERS; {
bh = common->buffhds; struct fsg_buffhd *bh = common->buffhds;
unsigned i = FSG_NUM_BUFFERS;
do { do {
kfree(bh->buf); kfree(bh->buf);
} while (++bh, --i); } while (++bh, --i);
}
if (common->free_storage_on_release) if (common->free_storage_on_release)
kfree(common); kfree(common);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment