[PATCH] relay: fix potential memory leak

From: Zhouyi Zhou
Date: Wed Jun 01 2016 - 06:53:47 EST


when relay_open_buf fails in relay_open, program will goto free_bufs,
but chan is nowhere freed.

In addition, give warning to users who forget to provide create file
hook.

Signed-off-by: Zhouyi Zhou <zhouzhouyi@xxxxxxxxx>
---
kernel/relay.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/kernel/relay.c b/kernel/relay.c
index 074994b..e0990c7 100644
--- a/kernel/relay.c
+++ b/kernel/relay.c
@@ -589,6 +589,13 @@ struct rchan *relay_open(const char *base_filename,
chan->parent = parent;
chan->private_data = private_data;
if (base_filename) {
+ if (!cb || !cb->create_buf_file) {
+ printk(KERN_ERR
+ "relay_open: has base filename without "
+ "providing hook to create file\n");
+ kfree(chan);
+ return NULL;
+ }
chan->has_base_filename = 1;
strlcpy(chan->base_filename, base_filename, NAME_MAX);
}
@@ -614,6 +621,7 @@ free_bufs:

kref_put(&chan->kref, relay_destroy_channel);
mutex_unlock(&relay_channels_mutex);
+ kfree(chan);
return NULL;
}
EXPORT_SYMBOL_GPL(relay_open);
--
1.9.1