diff options
| author | Ian Abbott <abbotti@mev.co.uk> | 2013-10-07 14:51:58 (GMT) |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-11-29 19:27:56 (GMT) |
| commit | adf0c46683b2c5b3ba261b21b68ad6e6b7592b89 (patch) | |
| tree | 5d7111151c51b0bc47d4014cc513dbd223a2d041 /drivers/staging/comedi/comedi_fops.c | |
| parent | 32f33da06f1b769fc7f9088bee344880cb70536a (diff) | |
| download | linux-fsl-qoriq-adf0c46683b2c5b3ba261b21b68ad6e6b7592b89.tar.xz | |
staging: comedi: avoid memleak for subdevice private
commit 67aa4acbc97f6a55b328e4e2305ef19cbe949d85 upstream.
`comedi_alloc_spriv()` allocates private storage for a comedi subdevice
and sets the `SRF_FREE_SPRIV` flag in the `runflags` member of the
subdevice to allow the private storage to be automatically freed when
the comedi device is being cleaned up. Unfortunately, the flag gets
clobbered by `do_cmd_ioctl()` which calls
`comedi_set_subdevice_runflags()` with a mask value `~0` and only the
`SRF_USER` and `SRF_RUNNING` flags set, all the other SRF flags being
cleared.
Change the calls to `comedi_set_subdevice_runflags()` that currently use
a mask value of `~0` to use a more relevant mask value. For
`do_cmd_ioctl()`, the relevant SRF flags are `SRF_USER`, `SRF_ERROR` and
`SRF_RUNNING`. (At one time, `SRF_RT` would be included in that set of
flags, but it is no longer used.) For `comedi_alloc_spriv()` replace
the call to `comedi_set_subdevice_runflags()` with a simple
OR-assignment to avoid unnecessary use of a spin-lock.
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging/comedi/comedi_fops.c')
| -rw-r--r-- | drivers/staging/comedi/comedi_fops.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c index 1636c7c..a3af469 100644 --- a/drivers/staging/comedi/comedi_fops.c +++ b/drivers/staging/comedi/comedi_fops.c @@ -543,7 +543,7 @@ void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size) { s->private = kzalloc(size, GFP_KERNEL); if (s->private) - comedi_set_subdevice_runflags(s, ~0, SRF_FREE_SPRIV); + s->runflags |= SRF_FREE_SPRIV; return s->private; } EXPORT_SYMBOL_GPL(comedi_alloc_spriv); @@ -1485,7 +1485,8 @@ static int do_cmd_ioctl(struct comedi_device *dev, if (async->cmd.flags & TRIG_WAKE_EOS) async->cb_mask |= COMEDI_CB_EOS; - comedi_set_subdevice_runflags(s, ~0, SRF_USER | SRF_RUNNING); + comedi_set_subdevice_runflags(s, SRF_USER | SRF_ERROR | SRF_RUNNING, + SRF_USER | SRF_RUNNING); /* set s->busy _after_ setting SRF_RUNNING flag to avoid race with * comedi_read() or comedi_write() */ |