From 5c26a308b1c8ca31f10a91bf091b282cb469528c Mon Sep 17 00:00:00 2001
From: Ansa Ahmed <quic_ansa@quicinc.com>
Date: Wed, 25 Oct 2023 18:27:15 +0530
Subject: [PATCH] msm: adsprpc: fix memory leak scenario in print debug data

Add proper return path to ensure that allocated memory for gmsglog
variables is freed before exiting. In error cases when returning
from the function without proper exit handling, not freeing allocated
memory leads to memory leak.

Change-Id: I718a6a3d1fef8598cb67e7d627bde00a8b009324
Signed-off-by: Ansa Ahmed <quic_ansa@quicinc.com>
---
 dsp/adsprpc.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/dsp/adsprpc.c b/dsp/adsprpc.c
index 9903d4f48a..f2b2a2e29b 100644
--- a/dsp/adsprpc.c
+++ b/dsp/adsprpc.c
@@ -3512,9 +3512,13 @@ static int fastrpc_wait_on_async_queue(
 	struct hlist_node *n;
 
 read_async_job:
+	if (!fl) {
+		err = -EBADF;
+		goto bail;
+	}
 	interrupted = wait_event_interruptible(fl->async_wait_queue,
 				atomic_read(&fl->async_queue_job_count));
-	if (!fl || fl->file_close >= FASTRPC_PROCESS_EXIT_START) {
+	if (fl->file_close >= FASTRPC_PROCESS_EXIT_START) {
 		err = -EBADF;
 		goto bail;
 	}
@@ -3598,12 +3602,12 @@ static int fastrpc_wait_on_notif_queue(
 	struct smq_notif_rsp  *notif = NULL, *inotif = NULL, *n = NULL;
 
 read_notif_status:
+        if (!fl) {
+                err = -EBADF;
+                goto bail;
+        }
 	interrupted = wait_event_interruptible(fl->proc_state_notif.notif_wait_queue,
 				atomic_read(&fl->proc_state_notif.notif_queue_count));
-	if (!fl) {
-		err = -EBADF;
-		goto bail;
-	}
 	if (fl->exit_notif) {
 		err = -EFAULT;
 		goto bail;
@@ -7613,20 +7617,20 @@ static void  fastrpc_print_debug_data(int cid)
 	VERIFY(err, NULL != (gmsg_log_tx = kzalloc(MD_GMSG_BUFFER, GFP_KERNEL)));
 	if (err) {
 		err = -ENOMEM;
-		return;
+		goto free_buf;
 	}
 	VERIFY(err, NULL != (gmsg_log_rx = kzalloc(MD_GMSG_BUFFER, GFP_KERNEL)));
 	if (err) {
 		err = -ENOMEM;
-		return;
+                goto free_buf;
 	}
 	chan = &me->channel[cid];
 	if ((!chan) || (!chan->buf))
-		return;
+                goto free_buf;
 
 	mini_dump_buff = chan->buf->virt;
 	if (!mini_dump_buff)
-		return;
+                goto free_buf;
 
 	if (chan) {
 		tx_index = chan->gmsg_log.tx_index;
@@ -7772,6 +7776,7 @@ static void  fastrpc_print_debug_data(int cid)
 			"gmsg_log_rx:\n %s\n", gmsg_log_rx);
 	if (chan && chan->buf)
 		chan->buf->size = strlen(mini_dump_buff);
+free_buf:
 	kfree(gmsg_log_tx);
 	kfree(gmsg_log_rx);
 }