From 0963c07e9f07769d4ad753451c81948a8ca27ee9 Mon Sep 17 00:00:00 2001 From: Zhen Kong Date: Tue, 10 Jan 2017 12:19:08 -0800 Subject: [PATCH] qseecom: fix potential memory leak in __qseecom_update_cmd_buf_64 __qseecom_update_cmd_buf_64() called __qseecom_allocate_sg_list_buffer() to allocate memory from within a for loop. Should it fail on any other than the first time through the loop, the prior allocations will not be deallocated, make change to deallocate memory in this error case. Change-Id: I8cb71a3b141249d8266aec4890632f200d147405 Signed-off-by: Zhen Kong --- drivers/misc/qseecom.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/misc/qseecom.c b/drivers/misc/qseecom.c index 20949487f859..80ec3da27979 100644 --- a/drivers/misc/qseecom.c +++ b/drivers/misc/qseecom.c @@ -1,6 +1,6 @@ /*Qualcomm Secure Execution Environment Communicator (QSEECOM) driver * - * Copyright (c) 2012-2016, The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2017, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -3625,6 +3625,13 @@ cleanup: } return ret; err: + for (i = 0; i < MAX_ION_FD; i++) + if (data->client.sec_buf_fd[i].is_sec_buf_fd && + data->client.sec_buf_fd[i].vbase) + dma_free_coherent(qseecom.pdev, + data->client.sec_buf_fd[i].size, + data->client.sec_buf_fd[i].vbase, + data->client.sec_buf_fd[i].pbase); if (!IS_ERR_OR_NULL(ihandle)) ion_free(qseecom.ion_clnt, ihandle); return -ENOMEM;