Bug 32712 - Memory kcalloc'ed in ath5k_eeprom_convert_pcal_info_*() is not always kfree'd
Memory kcalloc'ed in ath5k_eeprom_convert_pcal_info_*() is not always kfree'd
Status: CLOSED CODE_FIX
Product: Drivers
Classification: Unclassified
Component: network-wireless
All Linux
: P1 normal
Assigned To: drivers_network-wireless@kernel-bugs.osdl.org
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-04-05 14:10 UTC by Eugene A. Shatokhin
Modified: 2011-04-29 17:55 UTC (History)
1 user (show)

See Also:
Kernel Version: 2.6.39-rc1
Tree: Mainline
Regression: No


Attachments

Description Eugene A. Shatokhin 2011-04-05 14:10:53 UTC
This problem concerns 'ath5k' driver. 

When ath5k_hw_init() performs necessary initialization tasks, ath5k_eeprom_init() is called. One of ath5k_eeprom_convert_pcal_info_[5111|5112|2413]() functions is called then, among other things. On my system, it is ath5k_eeprom_convert_pcal_info_2413() but everything also applies to the other two functions.

drivers/net/wireless/ath/ath5k/eeprom.c:
ath5k_eeprom_convert_pcal_info_2413() allocates several memory blocks in 'for' loops with kcalloc (see the lines 1153, 1176, 1182). It seems unlikely that any of these allocations will fail, the sizes of the memory blocks are rather small. Nevertheless, if one of these allocations fails, the memory blocks allocated in ath5k_eeprom_convert_pcal_info_2413() before will probably never be freed.

They could be freed by ath5k_eeprom_free_pcal_info() but this function is not called in this case. 

Not a critical problem, it seems, but still.
Comment 1 John W. Linville 2011-04-29 17:55:20 UTC
This is queued for 2.6.40...

commit a065784620a2b78a2bbd00e066c004644d227ea8
Author: John W. Linville <linville@tuxdriver.com>
Date:   Fri Apr 8 15:33:12 2011 -0400

    ath5k: improve pcal error handling for ENOMEM case
    
    The ath5k driver does kmalloc allocations for pcal info in a loop.
    But, if one fails it was simply returning -ENOMEM without freeing
    already allocated memory.  This patch corrects that oversight.
    
    Reported-by: Eugene A. Shatokhin <dame_eugene@mail.ru>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Reviewed-by: Bob Copeland <me@bobcopeland.com>

Note You need to log in before you can comment on or make changes to this bug.