msm: ipa: Fix memory leak in ipa driver (96194882) · Commits · e / devices / android_kernel_fairphone_FP3

drivers/platform/msm/ipa/ipa_v2/ipa_intf.c

+5 −1

Original line number	Diff line number	Diff line
		/* Copyright (c) 2013-2016, The Linux Foundation. All rights reserved.
		/* Copyright (c) 2013-2017, The Linux Foundation. All rights reserved.
		*
		* This program is free software; you can redistribute it and/or modify
		* it under the terms of the GNU General Public License version 2 and
		@@ -538,6 +538,8 @@ ssize_t ipa_read(struct file filp, char __user buf, size_t count,
		mutex_unlock(&ipa_ctx->msg_lock);
		if (copy_to_user(buf, &msg->meta,
		sizeof(struct ipa_msg_meta))) {
		kfree(msg);
		msg = NULL;
		ret = -EFAULT;
		break;
		}
		@@ -546,6 +548,8 @@ ssize_t ipa_read(struct file filp, char __user buf, size_t count,
		if (msg->buff) {
		if (copy_to_user(buf, msg->buff,
		msg->meta.msg_len)) {
		kfree(msg);
		msg = NULL;
		ret = -EFAULT;
		break;
		}

+5 −1

Original line number	Diff line number	Diff line
		/* Copyright (c) 2013-2016, The Linux Foundation. All rights reserved.
		/* Copyright (c) 2013-2017, The Linux Foundation. All rights reserved.
		*
		* This program is free software; you can redistribute it and/or modify
		* it under the terms of the GNU General Public License version 2 and
		@@ -548,6 +548,8 @@ ssize_t ipa3_read(struct file filp, char __user buf, size_t count,
		if (copy_to_user(buf, &msg->meta,
		sizeof(struct ipa_msg_meta))) {
		ret = -EFAULT;
		kfree(msg);
		msg = NULL;
		break;
		}
		buf += sizeof(struct ipa_msg_meta);
		@@ -556,6 +558,8 @@ ssize_t ipa3_read(struct file filp, char __user buf, size_t count,
		if (copy_to_user(buf, msg->buff,
		msg->meta.msg_len)) {
		ret = -EFAULT;
		kfree(msg);
		msg = NULL;
		break;
		}
		buf += msg->meta.msg_len;