Commit 2978af54 authored Oct 23, 2012 by Jesper Juhl Committed by Rafael J. Wysocki Oct 23, 2012

ACPI: Fix memory leak in acpi_bind_one()



Memory is allocated with kzalloc() and assigned to
'physical_node'. Then 'physical_node->node_id' is initialized with a
call to 'find_first_zero_bit()', if that results in a value greater
than ACPI_MAX_PHYSICAL_NODE we'll end up jumping to the 'err:' label
and there leave the function and let 'physical_node' go out of scope
and leak the memory we allocated.
This patch fixes the leak by simply freeing the unused/unneeded memory
pointed to by 'physical_node' just before we jump to 'err:'.

[rjw: The problem has been introduced by commit 1033f904 (ACPI: Allow
 ACPI binding with USB-3.0 hub), which is new in 3.7-rc.]

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Reviewed-by: Toshi Kani <toshi.kani@hp.com>
Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

parent 6f0c0580

drivers/acpi/glue.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -159,6 +159,7 @@ static int acpi_bind_one(struct device *dev, acpi_handle handle)
		if (physical_node->node_id >= ACPI_MAX_PHYSICAL_NODE) {
		retval = -ENOSPC;
		mutex_unlock(&acpi_dev->physical_node_lock);
		kfree(physical_node);
		goto err;
		}

Admin message