diff options
author | Michal Nazarewicz <m.nazarewicz@samsung.com> | 2010-05-12 14:51:13 +0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-05-21 00:21:45 +0400 |
commit | b9e000884e50bf6b25a92a3f3580e1d14fe01591 (patch) | |
tree | 05188e049219fed1cacc50f09e1d62a296d95bbe | |
parent | f537da685c35a81a75f6067751bddb902c8adb68 (diff) | |
download | linux-b9e000884e50bf6b25a92a3f3580e1d14fe01591.tar.xz |
USB: gadget: f_mass_storage: fix in error recovery
In to places in fsg_common_init() an unconditional call to kfree()
on common was performed in error recovery which is not a valid
behaviour since fsg_common structure is not always allocated by
fsg_common_init().
To fix, the calls has been replaced with a goto to a proper error
recovery which does the correct thing.
Also, refactored fsg_common_release() function.
Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
Reviewed-by: Viral Mehta <viral.mehta@lntinfotech.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | drivers/usb/gadget/f_mass_storage.c | 51 |
1 files changed, 25 insertions, 26 deletions
diff --git a/drivers/usb/gadget/f_mass_storage.c b/drivers/usb/gadget/f_mass_storage.c index 6cfd2f428d38..7d05a0be5c60 100644 --- a/drivers/usb/gadget/f_mass_storage.c +++ b/drivers/usb/gadget/f_mass_storage.c @@ -2742,10 +2742,8 @@ static struct fsg_common *fsg_common_init(struct fsg_common *common, /* Maybe allocate device-global string IDs, and patch descriptors */ if (fsg_strings[FSG_STRING_INTERFACE].id == 0) { rc = usb_string_id(cdev); - if (rc < 0) { - kfree(common); - return ERR_PTR(rc); - } + if (unlikely(rc < 0)) + goto error_release; fsg_strings[FSG_STRING_INTERFACE].id = rc; fsg_intf_desc.iInterface = rc; } @@ -2753,9 +2751,9 @@ static struct fsg_common *fsg_common_init(struct fsg_common *common, /* Create the LUNs, open their backing files, and register the * LUN devices in sysfs. */ curlun = kzalloc(nluns * sizeof *curlun, GFP_KERNEL); - if (!curlun) { - kfree(common); - return ERR_PTR(-ENOMEM); + if (unlikely(!curlun)) { + rc = -ENOMEM; + goto error_release; } common->luns = curlun; @@ -2914,11 +2912,7 @@ error_release: static void fsg_common_release(struct kref *ref) { - struct fsg_common *common = - container_of(ref, struct fsg_common, ref); - unsigned i = common->nluns; - struct fsg_lun *lun = common->luns; - struct fsg_buffhd *bh; + struct fsg_common *common = container_of(ref, struct fsg_common, ref); /* If the thread isn't already dead, tell it to exit now */ if (common->state != FSG_STATE_TERMINATED) { @@ -2929,23 +2923,28 @@ static void fsg_common_release(struct kref *ref) complete(&common->thread_notifier); } - /* Beware tempting for -> do-while optimization: when in error - * recovery nluns may be zero. */ + if (likely(common->luns)) { + struct fsg_lun *lun = common->luns; + unsigned i = common->nluns; - for (; i; --i, ++lun) { - device_remove_file(&lun->dev, &dev_attr_ro); - device_remove_file(&lun->dev, &dev_attr_file); - fsg_lun_close(lun); - device_unregister(&lun->dev); - } + /* In error recovery common->nluns may be zero. */ + for (; i; --i, ++lun) { + device_remove_file(&lun->dev, &dev_attr_ro); + device_remove_file(&lun->dev, &dev_attr_file); + fsg_lun_close(lun); + device_unregister(&lun->dev); + } - kfree(common->luns); + kfree(common->luns); + } - i = FSG_NUM_BUFFERS; - bh = common->buffhds; - do { - kfree(bh->buf); - } while (++bh, --i); + { + struct fsg_buffhd *bh = common->buffhds; + unsigned i = FSG_NUM_BUFFERS; + do { + kfree(bh->buf); + } while (++bh, --i); + } if (common->free_storage_on_release) kfree(common); |