[char-misc for v5.0] mei: free read cb on ctrl_wr list flush

Tomas Winkler Tue, 29 Jan 2019 23:19:38 -0800

From: Alexander Usyskin <alexander.usys...@intel.com>

There is a little window during disconnection flow
when read cb is moved between lists and may be not freed.
Remove moving read cbs explicitly during flash fixes this memory
leak.


Signed-off-by: Alexander Usyskin <alexander.usys...@intel.com>
Signed-off-by: Tomas Winkler <tomas.wink...@intel.com>
---
 drivers/misc/mei/client.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/misc/mei/client.c b/drivers/misc/mei/client.c
index 1fc8ea0f519b..ca4c9cc218a2 100644
--- a/drivers/misc/mei/client.c
+++ b/drivers/misc/mei/client.c
@@ -401,8 +401,11 @@ static void mei_io_list_flush_cl(struct list_head *head,
        struct mei_cl_cb *cb, *next;
 
        list_for_each_entry_safe(cb, next, head, list) {
-               if (cl == cb->cl)
+               if (cl == cb->cl) {
                        list_del_init(&cb->list);
+                       if (cb->fop_type == MEI_FOP_READ)
+                               mei_io_cb_free(cb);
+               }
        }
 }
 
-- 
2.20.1

[char-misc for v5.0] mei: free read cb on ctrl_wr list flush

Reply via email to