The error handling in fbtft_framebuffer_alloc() mixes managed allocation and plain allocation, and performs error handling in an order different from the order in fbtft_framebuffer_release().
Fix them by moving vmem allocation closer to where it is used, and using plain kzalloc() for txbuf allocation. Suggested-by: Andy Shevchenko <andriy.shevche...@intel.com> Suggested-by: Dan Carpenter <dan.carpen...@linaro.org> Signed-off-by: Abdun Nihaal <abdun.nih...@gmail.com> --- v2->v3: - Remove the if check before kfree of txbuf.buf, because it is zero initialized on allocation, and kfree is NULL aware. Newly added in v2 drivers/staging/fbtft/fbtft-core.c | 31 +++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c index 8538b6bab6a5..9e7b84071174 100644 --- a/drivers/staging/fbtft/fbtft-core.c +++ b/drivers/staging/fbtft/fbtft-core.c @@ -568,18 +568,13 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, height = display->height; } - vmem_size = display->width * display->height * bpp / 8; - vmem = vzalloc(vmem_size); - if (!vmem) - goto alloc_fail; - fbdefio = devm_kzalloc(dev, sizeof(struct fb_deferred_io), GFP_KERNEL); if (!fbdefio) - goto alloc_fail; + return NULL; buf = devm_kzalloc(dev, 128, GFP_KERNEL); if (!buf) - goto alloc_fail; + return NULL; if (display->gamma_num && display->gamma_len) { gamma_curves = devm_kcalloc(dev, @@ -588,12 +583,17 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, sizeof(gamma_curves[0]), GFP_KERNEL); if (!gamma_curves) - goto alloc_fail; + return NULL; } info = framebuffer_alloc(sizeof(struct fbtft_par), dev); if (!info) - goto alloc_fail; + return NULL; + + vmem_size = display->width * display->height * bpp / 8; + vmem = vzalloc(vmem_size); + if (!vmem) + goto release_framebuf; info->screen_buffer = vmem; info->fbops = &fbtft_ops; @@ -613,7 +613,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, info->fix.accel = FB_ACCEL_NONE; info->fix.smem_len = vmem_size; if (fb_deferred_io_init(info)) - goto release_framebuf; + goto release_screen_buffer; info->var.rotate = pdata->rotate; info->var.xres = width; @@ -668,7 +668,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, #endif if (txbuflen > 0) { - txbuf = devm_kzalloc(par->info->device, txbuflen, GFP_KERNEL); + txbuf = kzalloc(txbuflen, GFP_KERNEL); if (!txbuf) goto cleanup_deferred; par->txbuf.buf = txbuf; @@ -694,12 +694,10 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, cleanup_deferred: fb_deferred_io_cleanup(info); +release_screen_buffer: + vfree(info->screen_buffer); release_framebuf: framebuffer_release(info); - -alloc_fail: - vfree(vmem); - return NULL; } EXPORT_SYMBOL(fbtft_framebuffer_alloc); @@ -712,6 +710,9 @@ EXPORT_SYMBOL(fbtft_framebuffer_alloc); */ void fbtft_framebuffer_release(struct fb_info *info) { + struct fbtft_par *par = info->par; + + kfree(par->txbuf.buf); fb_deferred_io_cleanup(info); vfree(info->screen_buffer); framebuffer_release(info); -- 2.43.0