From 561e148ea972a6e8d2c8f7aecc658b3a64f7a6de Mon Sep 17 00:00:00 2001
From: Roland Dreier <roland@topspin.com>
Date: Wed, 25 May 2005 12:31:30 -0700
Subject: [PATCH] IB: fix potential ib_umad leak

Free all unclaimed MAD receive buffers when userspace closes our file so we
don't leak memory.

Signed-off-by: Roland Dreier <roland@topspin.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---
 drivers/infiniband/core/user_mad.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'drivers/infiniband/core/user_mad.c')

diff --git a/drivers/infiniband/core/user_mad.c b/drivers/infiniband/core/user_mad.c
index 56b9c2fa2ecc..9d912d6877ff 100644
--- a/drivers/infiniband/core/user_mad.c
+++ b/drivers/infiniband/core/user_mad.c
@@ -499,6 +499,7 @@ static int ib_umad_open(struct inode *inode, struct file *filp)
 static int ib_umad_close(struct inode *inode, struct file *filp)
 {
 	struct ib_umad_file *file = filp->private_data;
+	struct ib_umad_packet *packet, *tmp;
 	int i;
 
 	for (i = 0; i < IB_UMAD_MAX_AGENTS; ++i)
@@ -507,6 +508,9 @@ static int ib_umad_close(struct inode *inode, struct file *filp)
 			ib_unregister_mad_agent(file->agent[i]);
 		}
 
+	list_for_each_entry_safe(packet, tmp, &file->recv_list, list)
+		kfree(packet);
+
 	kfree(file);
 
 	return 0;
-- 
cgit v1.2.3-59-g8ed1b