ACPI: Fix memory leak in acpi_bind_one()

Memory is allocated with kzalloc() and assigned to
'physical_node'. Then 'physical_node->node_id' is initialized with a
call to 'find_first_zero_bit()', if that results in a value greater
than ACPI_MAX_PHYSICAL_NODE we'll end up jumping to the 'err:' label
and there leave the function and let 'physical_node' go out of scope
and leak the memory we allocated.
This patch fixes the leak by simply freeing the unused/unneeded memory
pointed to by 'physical_node' just before we jump to 'err:'.

[rjw: The problem has been introduced by commit 1033f90 (ACPI: Allow
 ACPI binding with USB-3.0 hub), which is new in 3.7-rc.]

Signed-off-by: Jesper Juhl <[email protected]>
Reviewed-by: Toshi Kani <[email protected]>
Reviewed-by: Yasuaki Ishimatsu <[email protected]>
Acked-by: David Rientjes <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>

diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c
index d1a2d74033e945237afdef3fac02aea87cdebbdd..08373086cd7e883edeec356acb102bcac46147cf 100644 (file)
--- a/drivers/acpi/glue.c
+++ b/drivers/acpi/glue.c
@@ -159,6 +159,7 @@ static int acpi_bind_one(struct device *dev, acpi_handle handle)
        if (physical_node->node_id >= ACPI_MAX_PHYSICAL_NODE) {
                retval = -ENOSPC;
                mutex_unlock(&acpi_dev->physical_node_lock);
+               kfree(physical_node);
                goto err;
        }