From 84860c725364372a331589a600ce6a00437a14f8 Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Sat, 11 Jun 2011 06:36:42 +0000 Subject: ISDN, hfcsusb: Don't leak in hfcsusb_ph_info() We leak the memory allocated to 'phi' when the variable goes out of scope in hfcsusb_ph_info(). Signed-off-by: Jesper Juhl Signed-off-by: David S. Miller --- drivers/isdn/hardware/mISDN/hfcsusb.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/isdn') diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c index 3ccbff13eaf2..71a8eb6ef71e 100644 --- a/drivers/isdn/hardware/mISDN/hfcsusb.c +++ b/drivers/isdn/hardware/mISDN/hfcsusb.c @@ -283,6 +283,7 @@ hfcsusb_ph_info(struct hfcsusb *hw) _queue_data(&dch->dev.D, MPH_INFORMATION_IND, MISDN_ID_ANY, sizeof(struct ph_info_dch) + dch->dev.nrbchan * sizeof(struct ph_info_ch), phi, GFP_ATOMIC); + kfree(phi); } /* -- cgit v1.2.3 From 2f9381e98471837b631743270de988e78aad1f96 Mon Sep 17 00:00:00 2001 From: Pavel Shved Date: Fri, 17 Jun 2011 06:25:11 +0000 Subject: gigaset: call module_put before restart of if_open() if_open() calls try_module_get(), and after an attempt to lock a mutex the if_open() function may return -ERESTARTSYS without putting the module. Then, when if_open() is executed again, try_module_get() is called making the reference counter of THIS_MODULE greater than one at successful exit from if_open(). The if_close() function puts the module only once, and as a result it can't be unloaded. This patch adds module_put call before the return from if_open(). Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Pavel Shved Signed-off-by: David S. Miller --- drivers/isdn/gigaset/interface.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'drivers/isdn') diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c index 59de638225fe..e35058bcd7b9 100644 --- a/drivers/isdn/gigaset/interface.c +++ b/drivers/isdn/gigaset/interface.c @@ -156,8 +156,10 @@ static int if_open(struct tty_struct *tty, struct file *filp) if (!cs || !try_module_get(cs->driver->owner)) return -ENODEV; - if (mutex_lock_interruptible(&cs->mutex)) + if (mutex_lock_interruptible(&cs->mutex)) { + module_put(cs->driver->owner); return -ERESTARTSYS; + } tty->driver_data = cs; ++cs->open_count; -- cgit v1.2.3