samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

msm: adsprpc: fix memory leak scenario in print debug data

Browse Source 
Add proper return path to ensure that allocated memory for gmsglog
variables is freed before exiting. In error cases when returning
from the function without proper exit handling, not freeing allocated
memory leads to memory leak.

Change-Id: I718a6a3d1fef8598cb67e7d627bde00a8b009324
Signed-off-by: Ansa Ahmed <quic_ansa@quicinc.com>
This commit is contained in:
Ansa Ahmed
2023-10-25 18:27:15 +05:30
parent 25171a642b
commit 5c26a308b1
1 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
dsp/adsprpc.c
View File

@@ -3512,9 +3512,13 @@ static int fastrpc_wait_on_async_queue(
struct hlist_node *n; struct hlist_node *n;
read_async_job: read_async_job:
if (!fl) {
err = -EBADF;
goto bail;
}
interrupted = wait_event_interruptible(fl->async_wait_queue, interrupted = wait_event_interruptible(fl->async_wait_queue,
atomic_read(&fl->async_queue_job_count)); atomic_read(&fl->async_queue_job_count));
if (!fl || fl->file_close >= FASTRPC_PROCESS_EXIT_START) { if (fl->file_close >= FASTRPC_PROCESS_EXIT_START) {
err = -EBADF; err = -EBADF;
goto bail; goto bail;
} }
@@ -3598,12 +3602,12 @@ static int fastrpc_wait_on_notif_queue(
struct smq_notif_rsp *notif = NULL, *inotif = NULL, *n = NULL; struct smq_notif_rsp *notif = NULL, *inotif = NULL, *n = NULL;
read_notif_status: read_notif_status:
interrupted = wait_event_interruptible(fl->proc_state_notif.notif_wait_queue,
atomic_read(&fl->proc_state_notif.notif_queue_count));
if (!fl) { if (!fl) {
err = -EBADF; err = -EBADF;
goto bail; goto bail;
} }
interrupted = wait_event_interruptible(fl->proc_state_notif.notif_wait_queue,
atomic_read(&fl->proc_state_notif.notif_queue_count));
if (fl->exit_notif) { if (fl->exit_notif) {
err = -EFAULT; err = -EFAULT;
goto bail; goto bail;
@@ -7613,20 +7617,20 @@ static void fastrpc_print_debug_data(int cid)
VERIFY(err, NULL != (gmsg_log_tx = kzalloc(MD_GMSG_BUFFER, GFP_KERNEL))); VERIFY(err, NULL != (gmsg_log_tx = kzalloc(MD_GMSG_BUFFER, GFP_KERNEL)));
if (err) { if (err) {
err = -ENOMEM; err = -ENOMEM;
return; goto free_buf;
} }
VERIFY(err, NULL != (gmsg_log_rx = kzalloc(MD_GMSG_BUFFER, GFP_KERNEL))); VERIFY(err, NULL != (gmsg_log_rx = kzalloc(MD_GMSG_BUFFER, GFP_KERNEL)));
if (err) { if (err) {
err = -ENOMEM; err = -ENOMEM;
return; goto free_buf;
} }
chan = &me->channel[cid]; chan = &me->channel[cid];
if ((!chan) || (!chan->buf)) if ((!chan) || (!chan->buf))
return; goto free_buf;
mini_dump_buff = chan->buf->virt; mini_dump_buff = chan->buf->virt;
if (!mini_dump_buff) if (!mini_dump_buff)
return; goto free_buf;
if (chan) { if (chan) {
tx_index = chan->gmsg_log.tx_index; tx_index = chan->gmsg_log.tx_index;
@@ -7772,6 +7776,7 @@ static void fastrpc_print_debug_data(int cid)
"gmsg_log_rx:\n %s\n", gmsg_log_rx); "gmsg_log_rx:\n %s\n", gmsg_log_rx);
if (chan && chan->buf) if (chan && chan->buf)
chan->buf->size = strlen(mini_dump_buff); chan->buf->size = strlen(mini_dump_buff);
free_buf:
kfree(gmsg_log_tx); kfree(gmsg_log_tx);
kfree(gmsg_log_rx); kfree(gmsg_log_rx);
} }