diff options
author | Paul Fulghum <paulkf@microgate.com> | 2006-06-25 05:49:12 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-25 10:01:22 -0700 |
commit | cc44a817f65f9b4651643d334f6351b6d1f5e6c2 (patch) | |
tree | 818ea9a738b72cfd11f97637312e743aa344e195 /drivers/char/rocket.c | |
parent | 45c9b11a1d07770cabb48cb0f7960a77650ffc64 (diff) | |
download | linux-stable-cc44a817f65f9b4651643d334f6351b6d1f5e6c2.tar.gz linux-stable-cc44a817f65f9b4651643d334f6351b6d1f5e6c2.tar.bz2 linux-stable-cc44a817f65f9b4651643d334f6351b6d1f5e6c2.zip |
[PATCH] fix memory leak in rocketport rp_do_receive
Fix memory leak caused by incorrect use of tty buffer facility. tty
buffers are allocated but never processed by call to tty_flip_buffer_push
so they accumulate on the full buffer list. Current code uses the buffers
as a temporary storage for data before passing it directly to the line
discipline.
Signed-off-by: Paul Fulghum <paulkf@microgate.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'drivers/char/rocket.c')
-rw-r--r-- | drivers/char/rocket.c | 62 |
1 files changed, 23 insertions, 39 deletions
diff --git a/drivers/char/rocket.c b/drivers/char/rocket.c index 7edc6a4dbdc4..0708c5164c83 100644 --- a/drivers/char/rocket.c +++ b/drivers/char/rocket.c @@ -324,35 +324,15 @@ static void rp_do_receive(struct r_port *info, CHANNEL_t * cp, unsigned int ChanStatus) { unsigned int CharNStat; - int ToRecv, wRecv, space = 0, count; - unsigned char *cbuf, *chead; - char *fbuf, *fhead; - struct tty_ldisc *ld; - - ld = tty_ldisc_ref(tty); + int ToRecv, wRecv, space; + unsigned char *cbuf; ToRecv = sGetRxCnt(cp); - space = tty->receive_room; - if (space > 2 * TTY_FLIPBUF_SIZE) - space = 2 * TTY_FLIPBUF_SIZE; - count = 0; #ifdef ROCKET_DEBUG_INTR - printk(KERN_INFO "rp_do_receive(%d, %d)...", ToRecv, space); + printk(KERN_INFO "rp_do_receive(%d)...", ToRecv); #endif - - /* - * determine how many we can actually read in. If we can't - * read any in then we have a software overrun condition. - */ - if (ToRecv > space) - ToRecv = space; - - ToRecv = tty_prepare_flip_string_flags(tty, &chead, &fhead, ToRecv); - if (ToRecv <= 0) - goto done; - - cbuf = chead; - fbuf = fhead; + if (ToRecv == 0) + return; /* * if status indicates there are errored characters in the @@ -380,6 +360,8 @@ static void rp_do_receive(struct r_port *info, info->read_status_mask); #endif while (ToRecv) { + char flag; + CharNStat = sInW(sGetTxRxDataIO(cp)); #ifdef ROCKET_DEBUG_RECEIVE printk(KERN_INFO "%x...", CharNStat); @@ -392,17 +374,16 @@ static void rp_do_receive(struct r_port *info, } CharNStat &= info->read_status_mask; if (CharNStat & STMBREAKH) - *fbuf++ = TTY_BREAK; + flag = TTY_BREAK; else if (CharNStat & STMPARITYH) - *fbuf++ = TTY_PARITY; + flag = TTY_PARITY; else if (CharNStat & STMFRAMEH) - *fbuf++ = TTY_FRAME; + flag = TTY_FRAME; else if (CharNStat & STMRCVROVRH) - *fbuf++ = TTY_OVERRUN; + flag = TTY_OVERRUN; else - *fbuf++ = TTY_NORMAL; - *cbuf++ = CharNStat & 0xff; - count++; + flag = TTY_NORMAL; + tty_insert_flip_char(tty, CharNStat & 0xff, flag); ToRecv--; } @@ -422,20 +403,23 @@ static void rp_do_receive(struct r_port *info, * characters at time by doing repeated word IO * transfer. */ + space = tty_prepare_flip_string(tty, &cbuf, ToRecv); + if (space < ToRecv) { +#ifdef ROCKET_DEBUG_RECEIVE + printk(KERN_INFO "rp_do_receive:insufficient space ToRecv=%d space=%d\n", ToRecv, space); +#endif + if (space <= 0) + return; + ToRecv = space; + } wRecv = ToRecv >> 1; if (wRecv) sInStrW(sGetTxRxDataIO(cp), (unsigned short *) cbuf, wRecv); if (ToRecv & 1) cbuf[ToRecv - 1] = sInB(sGetTxRxDataIO(cp)); - memset(fbuf, TTY_NORMAL, ToRecv); - cbuf += ToRecv; - fbuf += ToRecv; - count += ToRecv; } /* Push the data up to the tty layer */ - ld->receive_buf(tty, chead, fhead, count); -done: - tty_ldisc_deref(ld); + tty_flip_buffer_push(tty); } /* |