From: Michael Grzeschik Date: Thu, 4 Apr 2013 10:13:47 +0000 (+0300) Subject: usb: chipidea: udc: fix memory leak in _ep_nuke X-Git-Tag: firefly_0821_release~3680^2~672^2~66 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=7ca2cd291fd84ae499390f227a255ccba2780a81;p=firefly-linux-kernel-4.4.55.git usb: chipidea: udc: fix memory leak in _ep_nuke In hardware_enqueue code adds one extra td with dma_pool_alloc if mReq->req.zero is true. When _ep_nuke will be called for that endpoint, dma_pool_free will not be called to free that memory again. That patch fixes this. Cc: stable # v3.5 Signed-off-by: Michael Grzeschik Signed-off-by: Alexander Shishkin Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c index b4cac44ce26c..3d90e6189731 100644 --- a/drivers/usb/chipidea/udc.c +++ b/drivers/usb/chipidea/udc.c @@ -540,6 +540,12 @@ __acquires(mEp->lock) struct ci13xxx_req *mReq = \ list_entry(mEp->qh.queue.next, struct ci13xxx_req, queue); + + if (mReq->zptr) { + dma_pool_free(mEp->td_pool, mReq->zptr, mReq->zdma); + mReq->zptr = NULL; + } + list_del_init(&mReq->queue); mReq->req.status = -ESHUTDOWN;