[PATCH 4.18 308/350] rpmsg: smd: fix memory leak on channel create

From: Greg Kroah-Hartman
Date: Sun Nov 11 2018 - 18:16:45 EST


4.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Colin Ian King <colin.king@xxxxxxxxxxxxx>

commit 940c620d6af8fca7d115de40f19870fba415efac upstream.

Currently a failed allocation of channel->name leads to an
immediate return without freeing channel. Fix this by setting
ret to -ENOMEM and jumping to an exit path that kfree's channel.

Detected by CoverityScan, CID#1473692 ("Resource Leak")

Fixes: 53e2822e56c7 ("rpmsg: Introduce Qualcomm SMD backend")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
Signed-off-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/rpmsg/qcom_smd.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

--- a/drivers/rpmsg/qcom_smd.c
+++ b/drivers/rpmsg/qcom_smd.c
@@ -1114,8 +1114,10 @@ static struct qcom_smd_channel *qcom_smd

channel->edge = edge;
channel->name = kstrdup(name, GFP_KERNEL);
- if (!channel->name)
- return ERR_PTR(-ENOMEM);
+ if (!channel->name) {
+ ret = -ENOMEM;
+ goto free_channel;
+ }

spin_lock_init(&channel->tx_lock);
spin_lock_init(&channel->recv_lock);
@@ -1165,6 +1167,7 @@ static struct qcom_smd_channel *qcom_smd

free_name_and_channel:
kfree(channel->name);
+free_channel:
kfree(channel);

return ERR_PTR(ret);