Showing error 784

User: Jiri Slaby
Error type: Memory Leak
Error type description: There the code omits to free some allocated memory
File location: drivers/usb/misc/usblcd.c
Line in file: 301
Project: Linux Kernel
Project version: 2.6.28
Tools: Stanse (1.2)
Entered: 2011-11-07 22:26:27 UTC

Source: 

  1/*****************************************************************************
  2 *                          USBLCD Kernel Driver                             *
  3 *                            Version 1.05                                   *
  4 *             (C) 2005 Georges Toth <g.toth@e-biz.lu>                       *
  5 *                                                                           *
  6 *     This file is licensed under the GPL. See COPYING in the package.      *
  7 * Based on usb-skeleton.c 2.0 by Greg Kroah-Hartman (greg@kroah.com)        *
  8 *                                                                           *
  9 *                                                                           *
 10 * 28.02.05 Complete rewrite of the original usblcd.c driver,                *
 11 *          based on usb_skeleton.c.                                         *
 12 *          This new driver allows more than one USB-LCD to be connected     *
 13 *          and controlled, at once                                          *
 14 *****************************************************************************/
 15#include <linux/module.h>
 16#include <linux/kernel.h>
 17#include <linux/init.h>
 18#include <linux/slab.h>
 19#include <linux/errno.h>
 20#include <linux/mutex.h>
 21#include <asm/uaccess.h>
 22#include <linux/usb.h>
 23
 24#define DRIVER_VERSION "USBLCD Driver Version 1.05"
 25
 26#define USBLCD_MINOR                144
 27
 28#define IOCTL_GET_HARD_VERSION        1
 29#define IOCTL_GET_DRV_VERSION        2
 30
 31
 32static struct usb_device_id id_table [] = {
 33        { .idVendor = 0x10D2, .match_flags = USB_DEVICE_ID_MATCH_VENDOR, },
 34        { },
 35};
 36MODULE_DEVICE_TABLE (usb, id_table);
 37
 38static DEFINE_MUTEX(open_disc_mutex);
 39
 40
 41struct usb_lcd {
 42        struct usb_device *        udev;                        /* init: probe_lcd */
 43        struct usb_interface *  interface;                /* the interface for this device */
 44        unsigned char *         bulk_in_buffer;                /* the buffer to receive data */
 45        size_t                        bulk_in_size;                /* the size of the receive buffer */
 46        __u8                        bulk_in_endpointAddr;        /* the address of the bulk in endpoint */
 47        __u8                        bulk_out_endpointAddr;        /* the address of the bulk out endpoint */
 48        struct kref                kref;
 49        struct semaphore        limit_sem;                /* to stop writes at full throttle from
 50                                                         * using up all RAM */
 51        struct usb_anchor        submitted;                /* URBs to wait for before suspend */
 52};
 53#define to_lcd_dev(d) container_of(d, struct usb_lcd, kref)
 54
 55#define USB_LCD_CONCURRENT_WRITES        5
 56
 57static struct usb_driver lcd_driver;
 58
 59
 60static void lcd_delete(struct kref *kref)
 61{
 62        struct usb_lcd *dev = to_lcd_dev(kref);
 63
 64        usb_put_dev(dev->udev);
 65        kfree (dev->bulk_in_buffer);
 66        kfree (dev);
 67}
 68
 69
 70static int lcd_open(struct inode *inode, struct file *file)
 71{
 72        struct usb_lcd *dev;
 73        struct usb_interface *interface;
 74        int subminor, r;
 75
 76        subminor = iminor(inode);
 77
 78        interface = usb_find_interface(&lcd_driver, subminor);
 79        if (!interface) {
 80                err ("USBLCD: %s - error, can't find device for minor %d",
 81                     __func__, subminor);
 82                return -ENODEV;
 83        }
 84
 85        mutex_lock(&open_disc_mutex);
 86        dev = usb_get_intfdata(interface);
 87        if (!dev) {
 88                mutex_unlock(&open_disc_mutex);
 89                return -ENODEV;
 90        }
 91
 92        /* increment our usage count for the device */
 93        kref_get(&dev->kref);
 94        mutex_unlock(&open_disc_mutex);
 95
 96        /* grab a power reference */
 97        r = usb_autopm_get_interface(interface);
 98        if (r < 0) {
 99                kref_put(&dev->kref, lcd_delete);
100                return r;
101        }
102
103        /* save our object in the file's private structure */
104        file->private_data = dev;
105
106        return 0;
107}
108
109static int lcd_release(struct inode *inode, struct file *file)
110{
111        struct usb_lcd *dev;
112
113        dev = (struct usb_lcd *)file->private_data;
114        if (dev == NULL)
115                return -ENODEV;
116
117        /* decrement the count on our device */
118        usb_autopm_put_interface(dev->interface);
119        kref_put(&dev->kref, lcd_delete);
120        return 0;
121}
122
123static ssize_t lcd_read(struct file *file, char __user * buffer, size_t count, loff_t *ppos)
124{
125        struct usb_lcd *dev;
126        int retval = 0;
127        int bytes_read;
128
129        dev = (struct usb_lcd *)file->private_data;
130
131        /* do a blocking bulk read to get data from the device */
132        retval = usb_bulk_msg(dev->udev, 
133                              usb_rcvbulkpipe(dev->udev, dev->bulk_in_endpointAddr),
134                              dev->bulk_in_buffer,
135                              min(dev->bulk_in_size, count),
136                              &bytes_read, 10000);
137
138        /* if the read was successful, copy the data to userspace */
139        if (!retval) {
140                if (copy_to_user(buffer, dev->bulk_in_buffer, bytes_read))
141                        retval = -EFAULT;
142                else
143                        retval = bytes_read;
144        }
145
146        return retval;
147}
148
149static long lcd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
150{
151        struct usb_lcd *dev;
152        u16 bcdDevice;
153        char buf[30];
154
155        dev = (struct usb_lcd *)file->private_data;
156        if (dev == NULL)
157                return -ENODEV;
158        
159        switch (cmd) {
160        case IOCTL_GET_HARD_VERSION:
161                lock_kernel();
162                bcdDevice = le16_to_cpu((dev->udev)->descriptor.bcdDevice);
163                sprintf(buf,"%1d%1d.%1d%1d",
164                        (bcdDevice & 0xF000)>>12,
165                        (bcdDevice & 0xF00)>>8,
166                        (bcdDevice & 0xF0)>>4,
167                        (bcdDevice & 0xF));
168                unlock_kernel();
169                if (copy_to_user((void __user *)arg,buf,strlen(buf))!=0)
170                        return -EFAULT;
171                break;
172        case IOCTL_GET_DRV_VERSION:
173                sprintf(buf,DRIVER_VERSION);
174                if (copy_to_user((void __user *)arg,buf,strlen(buf))!=0)
175                        return -EFAULT;
176                break;
177        default:
178                return -ENOTTY;
179                break;
180        }
181
182        return 0;
183}
184
185static void lcd_write_bulk_callback(struct urb *urb)
186{
187        struct usb_lcd *dev;
188        int status = urb->status;
189
190        dev = urb->context;
191
192        /* sync/async unlink faults aren't errors */
193        if (status &&
194            !(status == -ENOENT ||
195              status == -ECONNRESET ||
196              status == -ESHUTDOWN)) {
197                dbg("USBLCD: %s - nonzero write bulk status received: %d",
198                    __func__, status);
199        }
200
201        /* free up our allocated buffer */
202        usb_buffer_free(urb->dev, urb->transfer_buffer_length,
203                        urb->transfer_buffer, urb->transfer_dma);
204        up(&dev->limit_sem);
205}
206
207static ssize_t lcd_write(struct file *file, const char __user * user_buffer, size_t count, loff_t *ppos)
208{
209        struct usb_lcd *dev;
210        int retval = 0, r;
211        struct urb *urb = NULL;
212        char *buf = NULL;
213        
214        dev = (struct usb_lcd *)file->private_data;
215        
216        /* verify that we actually have some data to write */
217        if (count == 0)
218                goto exit;
219
220        r = down_interruptible(&dev->limit_sem);
221        if (r < 0)
222                return -EINTR;
223
224        /* create a urb, and a buffer for it, and copy the data to the urb */
225        urb = usb_alloc_urb(0, GFP_KERNEL);
226        if (!urb) {
227                retval = -ENOMEM;
228                goto err_no_buf;
229        }
230        
231        buf = usb_buffer_alloc(dev->udev, count, GFP_KERNEL, &urb->transfer_dma);
232        if (!buf) {
233                retval = -ENOMEM;
234                goto error;
235        }
236        
237        if (copy_from_user(buf, user_buffer, count)) {
238                retval = -EFAULT;
239                goto error;
240        }
241        
242        /* initialize the urb properly */
243        usb_fill_bulk_urb(urb, dev->udev,
244                          usb_sndbulkpipe(dev->udev, dev->bulk_out_endpointAddr),
245                          buf, count, lcd_write_bulk_callback, dev);
246        urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
247
248        usb_anchor_urb(urb, &dev->submitted);
249        
250        /* send the data out the bulk port */
251        retval = usb_submit_urb(urb, GFP_KERNEL);
252        if (retval) {
253                err("USBLCD: %s - failed submitting write urb, error %d", __func__, retval);
254                goto error_unanchor;
255        }
256        
257        /* release our reference to this urb, the USB core will eventually free it entirely */
258        usb_free_urb(urb);
259
260exit:
261        return count;
262error_unanchor:
263        usb_unanchor_urb(urb);
264error:
265        usb_buffer_free(dev->udev, count, buf, urb->transfer_dma);
266        usb_free_urb(urb);
267err_no_buf:
268        up(&dev->limit_sem);
269        return retval;
270}
271
272static const struct file_operations lcd_fops = {
273        .owner =        THIS_MODULE,
274        .read =         lcd_read,
275        .write =        lcd_write,
276        .open =         lcd_open,
277        .unlocked_ioctl = lcd_ioctl,
278        .release =      lcd_release,
279};
280
281/*
282 * usb class driver info in order to get a minor number from the usb core,
283 * and to have the device registered with the driver core
284 */
285static struct usb_class_driver lcd_class = {
286        .name =         "lcd%d",
287        .fops =         &lcd_fops,
288        .minor_base =   USBLCD_MINOR,
289};
290
291static int lcd_probe(struct usb_interface *interface, const struct usb_device_id *id)
292{
293        struct usb_lcd *dev = NULL;
294        struct usb_host_interface *iface_desc;
295        struct usb_endpoint_descriptor *endpoint;
296        size_t buffer_size;
297        int i;
298        int retval = -ENOMEM;
299
300        /* allocate memory for our device state and initialize it */
301        dev = kzalloc(sizeof(*dev), GFP_KERNEL);
302        if (dev == NULL) {
303                err("Out of memory");
304                goto error;
305        }
306        kref_init(&dev->kref);
307        sema_init(&dev->limit_sem, USB_LCD_CONCURRENT_WRITES);
308        init_usb_anchor(&dev->submitted);
309
310        dev->udev = usb_get_dev(interface_to_usbdev(interface));
311        dev->interface = interface;
312
313        if (le16_to_cpu(dev->udev->descriptor.idProduct) != 0x0001) {
314                dev_warn(&interface->dev, "USBLCD model not supported.\n");
315                return -ENODEV;
316        }
317        
318        /* set up the endpoint information */
319        /* use only the first bulk-in and bulk-out endpoints */
320        iface_desc = interface->cur_altsetting;
321        for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
322                endpoint = &iface_desc->endpoint[i].desc;
323
324                if (!dev->bulk_in_endpointAddr &&
325                    usb_endpoint_is_bulk_in(endpoint)) {
326                        /* we found a bulk in endpoint */
327                        buffer_size = le16_to_cpu(endpoint->wMaxPacketSize);
328                        dev->bulk_in_size = buffer_size;
329                        dev->bulk_in_endpointAddr = endpoint->bEndpointAddress;
330                        dev->bulk_in_buffer = kmalloc(buffer_size, GFP_KERNEL);
331                        if (!dev->bulk_in_buffer) {
332                                err("Could not allocate bulk_in_buffer");
333                                goto error;
334                        }
335                }
336
337                if (!dev->bulk_out_endpointAddr &&
338                    usb_endpoint_is_bulk_out(endpoint)) {
339                        /* we found a bulk out endpoint */
340                        dev->bulk_out_endpointAddr = endpoint->bEndpointAddress;
341                }
342        }
343        if (!(dev->bulk_in_endpointAddr && dev->bulk_out_endpointAddr)) {
344                err("Could not find both bulk-in and bulk-out endpoints");
345                goto error;
346        }
347
348        /* save our data pointer in this interface device */
349        usb_set_intfdata(interface, dev);
350
351        /* we can register the device now, as it is ready */
352        retval = usb_register_dev(interface, &lcd_class);
353        if (retval) {
354                /* something prevented us from registering this driver */
355                err("Not able to get a minor for this device.");
356                usb_set_intfdata(interface, NULL);
357                goto error;
358        }
359
360        i = le16_to_cpu(dev->udev->descriptor.bcdDevice);
361
362        dev_info(&interface->dev, "USBLCD Version %1d%1d.%1d%1d found "
363                 "at address %d\n", (i & 0xF000)>>12, (i & 0xF00)>>8,
364                 (i & 0xF0)>>4,(i & 0xF), dev->udev->devnum);
365
366        /* let the user know what node this device is now attached to */
367        dev_info(&interface->dev, "USB LCD device now attached to USBLCD-%d\n",
368                 interface->minor);
369        return 0;
370
371error:
372        if (dev)
373                kref_put(&dev->kref, lcd_delete);
374        return retval;
375}
376
377static void lcd_draw_down(struct usb_lcd *dev)
378{
379        int time;
380
381        time = usb_wait_anchor_empty_timeout(&dev->submitted, 1000);
382        if (!time)
383                usb_kill_anchored_urbs(&dev->submitted);
384}
385
386static int lcd_suspend(struct usb_interface *intf, pm_message_t message)
387{
388        struct usb_lcd *dev = usb_get_intfdata(intf);
389
390        if (!dev)
391                return 0;
392        lcd_draw_down(dev);
393        return 0;
394}
395
396static int lcd_resume (struct usb_interface *intf)
397{
398        return 0;
399}
400
401static void lcd_disconnect(struct usb_interface *interface)
402{
403        struct usb_lcd *dev;
404        int minor = interface->minor;
405
406        mutex_lock(&open_disc_mutex);
407        dev = usb_get_intfdata(interface);
408        usb_set_intfdata(interface, NULL);
409        mutex_unlock(&open_disc_mutex);
410
411        /* give back our minor */
412        usb_deregister_dev(interface, &lcd_class);
413 
414        /* decrement our usage count */
415        kref_put(&dev->kref, lcd_delete);
416
417        dev_info(&interface->dev, "USB LCD #%d now disconnected\n", minor);
418}
419
420static struct usb_driver lcd_driver = {
421        .name =                "usblcd",
422        .probe =        lcd_probe,
423        .disconnect =        lcd_disconnect,
424        .suspend =        lcd_suspend,
425        .resume =        lcd_resume,
426        .id_table =        id_table,
427        .supports_autosuspend = 1,
428};
429
430static int __init usb_lcd_init(void)
431{
432        int result;
433        
434        result = usb_register(&lcd_driver);
435        if (result)
436                err("usb_register failed. Error number %d", result);
437
438        return result;
439}
440
441
442static void __exit usb_lcd_exit(void)
443{
444        usb_deregister(&lcd_driver);
445}
446
447module_init(usb_lcd_init);
448module_exit(usb_lcd_exit);
449
450MODULE_AUTHOR("Georges Toth <g.toth@e-biz.lu>");
451MODULE_DESCRIPTION(DRIVER_VERSION);
452MODULE_LICENSE("GPL");