| Message ID | 20221102012533.1270876-3-yangyingliang@huawei.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | mmc: sdio: fixes some leaks | expand |
diff --git a/drivers/mmc/core/sdio.c b/drivers/mmc/core/sdio.c index f64b9ac76a5c..f314224b362b 100644 --- a/drivers/mmc/core/sdio.c +++ b/drivers/mmc/core/sdio.c @@ -133,11 +133,8 @@ static int sdio_init_func(struct mmc_card *card, unsigned int fn) return 0; fail: - /* - * It is okay to remove the function here even though we hold - * the host lock as we haven't registered the device yet. - */ - sdio_remove_func(func); + kfree(func->tmpbuf); + kfree(func); return ret; }
If it fails in sdio_init_func(), sdio_remove_func() can not free the memory that allocated in sdio_alloc_func(), because sdio_add_func() is not called yet, the sdio function is not presented and sdio_remove_func() will return directly. In this error path, we can not call put_device() to free the memory in sdio_release_func(), because sdio_read_func_cis() may fail, then sdio_free_func_cis() is called in release() funtion which could cause put the reference that has not been got. So fix these leaks with calling kfree() instead of sdio_remove_func() in error path. Fixes: 3d10a1ba0d37 ("sdio: fix reference counting in sdio_remove_func()") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- drivers/mmc/core/sdio.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-)