From: Jesper Juhl Date: Mon, 22 Oct 2012 22:53:58 +0000 (+0200) Subject: ACPI: Fix memory leak in acpi_bind_one() X-Git-Tag: firefly_0821_release~3680^2~1709^2~5 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=2978af545b9a1ed221e23fb24ae4559bec6ad70d;p=firefly-linux-kernel-4.4.55.git ACPI: Fix memory leak in acpi_bind_one() Memory is allocated with kzalloc() and assigned to 'physical_node'. Then 'physical_node->node_id' is initialized with a call to 'find_first_zero_bit()', if that results in a value greater than ACPI_MAX_PHYSICAL_NODE we'll end up jumping to the 'err:' label and there leave the function and let 'physical_node' go out of scope and leak the memory we allocated. This patch fixes the leak by simply freeing the unused/unneeded memory pointed to by 'physical_node' just before we jump to 'err:'. [rjw: The problem has been introduced by commit 1033f90 (ACPI: Allow ACPI binding with USB-3.0 hub), which is new in 3.7-rc.] Signed-off-by: Jesper Juhl Reviewed-by: Toshi Kani Reviewed-by: Yasuaki Ishimatsu Acked-by: David Rientjes Signed-off-by: Rafael J. Wysocki --- diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c index d1a2d74033e9..08373086cd7e 100644 --- a/drivers/acpi/glue.c +++ b/drivers/acpi/glue.c @@ -159,6 +159,7 @@ static int acpi_bind_one(struct device *dev, acpi_handle handle) if (physical_node->node_id >= ACPI_MAX_PHYSICAL_NODE) { retval = -ENOSPC; mutex_unlock(&acpi_dev->physical_node_lock); + kfree(physical_node); goto err; }
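Review bot: In the `if (physical_node->node_id >= ACPI_MAX_PHYSICAL_NODE)` branch, the changelog does not match the condition. It says the error path is taken for a value "greater than" ACPI_MAX_PHYSICAL_NODE, while the check is `>=`, so the message should read "greater than or equal to". The added `kfree(physical_node);` sits after `mutex_unlock(&acpi_dev->physical_node_lock);` and before `goto err;`. That ordering is fine as long as `physical_node` has not yet been made reachable through anything the lock protects, which matches the changelog's description of it as a local that would otherwise go out of scope. The hunk shows only this one exit. It is worth confirming that no other `goto err` between the kzalloc() and this point needs the same free. If more than one does, a dedicated unwind label that frees `physical_node` would be less error-prone than repeating the kfree() at each site.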